OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

ws-sx message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [ws-sx] Issue 48: Revised proposal

I don't know that "MAY" in your first statement is enough for an implementer of the spec to be sure they don't have to worry about the merge situation. If we say "MUST" then we may screw up other assertions that can apply to multiple subjects, or do you think it applies for all assertion types?

From: Anthony Nadalin [mailto:drsecure@us.ibm.com]
Sent: Thursday, April 13, 2006 7:23 AM
To: Tony Gullotta
Cc: ws-sx@lists.oasis-open.org
Subject: Re: [ws-sx] Issue 48: Revised proposal

I think that we should just make a general statement which would be along the lines of:

Assertions MAY only apply to one [Policy Subject].

and then have the change in the specific assertion changed to:

This assertion SHOULD apply to [Endpoint Policy Subject].


Anthony Nadalin | Work 512.838.0085 | Cell 512.289.4122
Inactive hide details for "Tony Gullotta" <tony.gullotta@soa.com>"Tony Gullotta" <tony.gullotta@soa.com>


          "Tony Gullotta" <tony.gullotta@soa.com>

          04/12/2006 01:24 PM

To
<ws-sx@lists.oasis-open.org>

cc

Subject
[ws-sx] Issue 48: Revised proposal

I have refined my initial proposal based on discussions at the F2F. To avoid the complexities of defining special rules for merging multiple binding assertions I propose that binding assertions should apply to either the endpoint or the operation, but not both. I've included some proposed text based on the ws-securitypolicy spec version http://www.oasis-open.org/apps/org/workgroup/ws-sx/download.php/16289/ws-securitypolicy-1.2-spec-ed-01-r04.pdf.

Section 7.4 lines 1529 - 1530 should be changed from:

This assertion MUST apply to [Endpoint Policy Subject].

to:

This assertion SHOULD apply to [Endpoint Policy Subject]. This assertion MAY apply to [Operation Policy Subject]. If this assertion is applied to [Operation Policy Subject] it MUST NOT also be applied to [Endpoint Policy Subject].

Section 7.5 lines 1606 - 1607 should be changed from:

This assertion MUST apply to [Endpoint Policy Subject].

to:

This assertion SHOULD apply to [Endpoint Policy Subject]. This assertion MAY apply to [Operation Policy Subject]. If this assertion is applied to [Operation Policy Subject] it MUST NOT also be applied to [Endpoint Policy Subject].

The following should be added after line 2201 in Appendix A:

A.2.2 Security Binding Assertions

SymmetricBindingAssertion (8.4)
AsymmetricBindingAssertion (8.5)

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]