uddi-spec message

Subject: Re: [uddi-spec] The need to adopt a policy framework - concerns over thecurrent approach taken on modeling security/auth

From: Andrew Hately <hately@us.ibm.com>
To: "Luc Clement" <luc.clement@systinet.com>
Date: Mon, 23 May 2005 11:30:09 -0500

>>
I’m very concerned about making any recommendations that should (MUST) be expressed using policy by any other means. I think we should take a step back; finally take that bold move and adopt WS-Policy; and recast these two TNs using WS-Policy/PolicyAttachment.
<<

Regardless of the framework, one of the challenges is that these Technical Notes are proposing composable/reusable policy pieces. I believe they are compatible with WS-Policy as they exist today and we would just need to reference WS-Policy files and we should probably do so. If you are proposing something deeper in terms of policy framework integration such as changing the concept of UDDI searching to be based on something deeper than tModel concept searches, we should discuss this tommorow.

In my opinion the challenge is not picking the framework or language, it is getting these reviewed by people who can articulate if we've got the write reusable policy pieces that would be composable.

Should we form a liasion with the W3C policy working group to move this forward?

Regards,

Andrew Hately
IBM Software Group, Emerging Technologies

"Luc Clement" <luc.clement@systinet.com>

05/22/2005 10:18 PM

To	Andrew Hately/Austin/IBM@IBMUS
cc	<uddi-spec@lists.oasis-open.org>
Subject	[uddi-spec] The need to adopt a policy framework - concerns over the current approach taken on modeling security/auth

Andrew,

Something hadn’t been sitting well with me with the approaches you’ve taken on these two TNs

Modeling Web services Security in UDDI: http://www.oasis-open.org/apps/org/workgroup/uddi-spec/download.php/12217/uddi-spec-tc-tn-wssecurity-20040328.doc
Modeling HTTP Access Auth in UDDI: http://www.oasis-open.org/apps/org/workgroup/uddi-spec/download.php/11960/uddi-spec-tc-tn-httpauth-20050321.doc

The problem stems from the fact that we’ve yet to adopt a policy framework for registry and the approach you’ve taken though not strictly incorrect is only delaying what in my opinion is the inevitable – the adoption of a policy framework for UDDI.

Had we one, we wouldn’t take the approach you’ve taken which as far as I’m concerned is the only reasonable one for you at this point within the current framework – or lack-thereof. That said, it isn’t reasonable for us to delay adopting a policy framework – dare I say WS-PolicyAttachment and WS-Policy.

I’m very concerned about making any recommendations that should (MUST) be expressed using policy by any other means. I think we should take a step back; finally take that bold move and adopt WS-Policy; and recast these two TNs using WS-Policy/PolicyAttachment.

Luc

Luc Clément | Senior Program Manager | Systinet Corporation |
One van de Graaff Drive Burlington, MA 01803
Phone +1 781.362.1330 | Mobile +1 978.793.2162 | Fax +1 781.362.1400 |