Subject: RE: [ws-sx] Issue PR021: Allow W3C version of WS-Policy to be used
There is one issue of mixing WS-Policy namespace and version that needs to be considered now. During the policy normalization, WS-Policy only processes its own namespace, and all other namespace elements will be considered as policy assertions. For example, a WS-Policy 1.2 processor will have a problem understanding the symmetric binding policy in the following example:

    <?xml version="1.0" encoding="UTF-8"?>
    <wsp:Policy xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
                xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
      <wsp:ExactlyOne>
        <wsp15:All xmlns:wsp15="http://www.w3.org/2006/07/ws-policy">
          <sp:SymmetricBinding>
            <wsp15:Policy>
              <sp:ProtectionToken>
                <wsp15:Policy>
                  <sp:X509Token …">
                    <wsp15:Policy>
                      <sp:WssX509V3Token10/>
                    </wsp15:Policy>
                  </sp:X509Token>
                </wsp15:Policy>
              </sp:ProtectionToken>
            </wsp15:Policy>
          </sp:SymmetricBinding>
        </wsp15:All>
        <wsp:All>
          <wsp:Policy>
            <sp:SignedParts>
              <sp:Body/>
            </sp:SignedParts>
            <sp:EncryptedParts>
              <sp:Body/>
            </sp:EncryptedParts>
          </wsp:Policy>
        </wsp:All>
      </wsp:ExactlyOne>
    </wsp:Policy>

Same thing for the WS-Policy 1.5 processor: it will have a problem understanding the symmetric binding assertion in the following policy example:

    <wsp:Policy xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
                xmlns:wsp="http://www.w3.org/2006/07/ws-policy">
      <wsp:ExactlyOne>
        <wsp:All>
          <wsp:Policy>
            <sp:SignedParts>
              <sp:Body/>
            </sp:SignedParts>
            <sp:EncryptedParts>
              <sp:Body/>
            </sp:EncryptedParts>
          </wsp:Policy>
        </wsp:All>
        <wsp12:All xmlns:wsp12="http://schemas.xmlsoap.org/ws/2004/09/policy">
          <sp:SymmetricBinding>
            <wsp12:Policy>
              <sp:ProtectionToken>
                <wsp12:Policy>
                  <sp:X509Token …. ">
                    <wsp12:Policy>
                      <sp:WssX509V3Token10/>
                    </wsp12:Policy>
                  </sp:X509Token>
                </wsp12:Policy>
              </sp:ProtectionToken>
            </wsp12:Policy>
          </sp:SymmetricBinding>
        </wsp12:All>
      </wsp:ExactlyOne>
    </wsp:Policy>

Should this mixed policy namespace/version situation be considered when we allow the W3C version of WS-Policy to be used?

From: Greg Carpenter
[mailto:gregcarp@microsoft.com]

Issue PR021

From: Marc Goodner

PLEASE DO NOT REPLY TO THIS EMAIL OR START A DISCUSSION THREAD UNTIL THE ISSUE IS ASSIGNED A NUMBER. The issues coordinators will notify the list when that has occurred.

Protocol: ws-securitypolicy
Artifact: spec / schema
Type: design
Title: Allow W3C version of WS-Policy to be used
Description: WS-Policy has progressed quickly at the W3C. WS-SecurityPolicy should be updated to allow the use of WS-Policy 1.5 in addition to the current reference to WS-Policy 1.2.
Related issues: None.

Proposed Resolution:

1. Add the following text to the WS-SecurityPolicy introduction:

“The assertions defined within this specification have been designed to work independently of a specific version of WS-Policy. At the time of the publication of this specification the versions of WS-Policy known to correctly compose with this specification are WS-Policy 1.2 [current reference] and 1.5 [add reference to CR when available]. Within this specification the use of the namespace prefix wsp refers generically to the WS-Policy namespace, not a specific version.”

Strike wsp from the namespace table.

2. Remove the hard dependency from the WS-SecurityPolicy XML Schema document to a specific version of WS-Policy:

    <xs:complexType name="NestedPolicyType">
      <xs:sequence>
        <xs:element ref="wsp:Policy" /> <!-- remove this line -->
        <xs:any minOccurs="0" maxOccurs="unbounded" namespace="##other"
                processContents="lax"/>
      </xs:sequence>
      <xs:anyAttribute namespace="##any" processContents="lax" />
    </xs:complexType>

The extensibility point
that follows will allow the use of the nested policy.
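
The mixed-namespace concern raised at the top of this message can be checked mechanically. The following is an added example, not part of the thread or of any WS-Policy implementation: it walks a policy document and lists the WS-Policy operators that belong to a version other than the one the processor handles, which that processor would therefore treat as opaque assertions. The function names are hypothetical, and the sample is a constructed, shortened form of the first policy above, with the prefix wsp15 bound to the W3C namespace and the elided X509Token content left out.

```python
import xml.etree.ElementTree as ET

# Namespace URIs as they appear in the message above.
WSP12 = "http://schemas.xmlsoap.org/ws/2004/09/policy"
WSP15 = "http://www.w3.org/2006/07/ws-policy"
SP = "http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
OPERATORS = {"Policy", "ExactlyOne", "All"}

# Constructed sample: WS-Policy 1.2 document containing a 1.5 alternative.
MIXED_POLICY = f"""
<wsp:Policy xmlns:sp="{SP}" xmlns:wsp="{WSP12}">
  <wsp:ExactlyOne>
    <wsp15:All xmlns:wsp15="{WSP15}">
      <sp:SymmetricBinding>
        <wsp15:Policy><sp:ProtectionToken/></wsp15:Policy>
      </sp:SymmetricBinding>
    </wsp15:All>
    <wsp:All>
      <wsp:Policy>
        <sp:SignedParts><sp:Body/></sp:SignedParts>
      </wsp:Policy>
    </wsp:All>
  </wsp:ExactlyOne>
</wsp:Policy>
"""

def split_qname(tag):
    """Split ElementTree's '{uri}local' tag into (uri, local)."""
    uri, _, local = tag[1:].partition("}") if tag.startswith("{") else ("", "", tag)
    return uri, local

def find_foreign_operators(policy_xml, processor_ns):
    """Return document-order paths of WS-Policy operators whose namespace is a
    WS-Policy version other than processor_ns. A processor that only knows
    processor_ns would read each of them as an assertion, not an operator."""
    foreign = []

    def walk(elem, path):
        uri, local = split_qname(elem.tag)
        here = f"{path}/{local}"
        if uri in (WSP12, WSP15) and uri != processor_ns and local in OPERATORS:
            foreign.append(here)
        for child in elem:
            walk(child, here)

    walk(ET.fromstring(policy_xml), "")
    return foreign

if __name__ == "__main__":
    for name, ns in (("WS-Policy 1.2", WSP12), ("WS-Policy 1.5", WSP15)):
        print(name, "processor would misread:", find_foreign_operators(MIXED_POLICY, ns))
```

An empty result means the document uses a single WS-Policy version throughout; any path returned marks a subtree whose security assertions a single-version processor would not evaluate as policy alternatives.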