OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

ws-sx message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [ws-sx] Issue PR021: Allow W3C version of WS-Policy to be used

There is one issue of mixing WS-Policy namespace and version that needs to be considered now.

 

During the policy normalization, WS-Policy only processes its own namespace and all other namespace elements will be consider as policy assertions.  For example, WS-Policy 1.2 processor will have problem to understand the symmetric binding policy in the following example:

 

<?xml version="1.0" encoding="UTF-8"?>

<wsp:Policy xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">

            <wsp:ExactlyOne>

                        <wsp15:All xmlns:wsp="http://www.w3.org/2006/07/ws-policy">

                                    <sp:SymmetricBinding>

                                                <wsp15:Policy>

                                                            <sp:ProtectionToken>

                                                                        <wsp15:Policy>

                                                                                    <sp:X509Token  …">

                                                                                                <wsp15:Policy>

                                                                                                            <sp:WssX509V3Token10/>

                                                                                                </wsp15:Policy>

                                                                                    </sp:X509Token>

                                                                        </wsp15:Policy>

                                                            </sp:ProtectionToken>

                                                </wsp15:Policy>

                                    </sp:SymmetricBinding>

                        </wsp15:All>

                        <wsp:All>

                                    <wsp:Policy>

                                                <sp:SignedParts>

                                                            <sp:Body/>

                                                </sp:SignedParts>

                                                <sp:EncryptedParts>

                                                            <sp:Body/>

                                                </sp:EncryptedParts>

                                    </wsp:Policy>

                        </wsp:All>

            </wsp:ExactlyOne>

</wsp:Policy>

 

Same thing the WS-Policy 1.5 processor, it will have problem to understand the symmetric binding assertion in the following policy example:

 

<wsp:Policy xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy" xmlns:wsp="http://www.w3.org/2006/07/ws-policy">

            <wsp:ExactlyOne>

                        <wsp:All>

                                    <wsp:Policy>

                                                <sp:SignedParts>

                                                            <sp:Body/>

                                                </sp:SignedParts>

                                                <sp:EncryptedParts>

                                                            <sp:Body/>

                                                </sp:EncryptedParts>

                                    </wsp:Policy>

                        </wsp:All>

                        <wsp12:All xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">

                                    <sp:SymmetricBinding>

                                                <wsp12:Policy>

                                                            <sp:ProtectionToken>

                                                                        <wsp12:Policy>

                                                                                    <sp:X509Token …. ">

                                                                                                <wsp12:Policy>

                                                                                                            <sp:WssX509V3Token10/>

                                                                                                </wsp12:Policy>

                                                                                    </sp:X509Token>

                                                                        </wsp12:Policy>

                                                            </sp:ProtectionToken>

                                                </wsp12:Policy>

                                    </sp:SymmetricBinding>

                        </wsp12:All>

            </wsp:ExactlyOne>

</wsp:Policy>

 

 

Should this mix policy namespace/version situation be considered, when we allow W3C version of WS-Policy to be used?

 

 

Symon Chang  

 

From: Greg Carpenter [mailto:gregcarp@microsoft.com]
Sent: Monday, February 12, 2007 7:18 AM
To: ws-sx@lists.oasis-open.org
Cc: Marc Goodner
Subject: [ws-sx] Issue PR021: Allow W3C version of WS-Policy to be used

 

Issue PR021

 

From: Marc Goodner
Sent: Sunday, February 11, 2007 7:10 PM
To: ws-sx@lists.oasis-open.org
Cc: Greg Carpenter
Subject: NEW Issue: Allow W3C version of WS-Policy to be used

 

PLEASE DO NOT REPLY TO THIS EMAIL OR START A DISCUSSISON THREAD UNTIL THE ISSUE IS ASSIGNED A NUMBER. 

The issues coordinators will notify the list when that has occurred.

Protocol:  ws-securitypolicy

http://www.oasis-open.org/apps/org/workgroup/ws-sx/download.php/21401/ws-securitypolicy-1.2-spec-cd-01.pdf

Artifact:  spec / schema

Type: design

Title: Allow W3C version of WS-Policy to be used

Description:

WS-Policy has progressed quickly at the W3C. WS-SecurityPolicy should be updated to allow the use of WS-Policy 1.5 in addition to the current reference to WS-Policy 1.2.

Related issues:

None.

Proposed Resolution:

1. Add following text to WS-SecurityPolicy introduction:

“The assertions defined within this specification have been designed to work independently of a specific version of WS-Policy. At the time of the publication of this specification the versions of WS-Policy known to correctly compose with this specification are WS-Policy 1.2 [current reference] and 1.5 [add reference to CR when available]. Within this specification the use of the namespace prefix wsp refers generically to the WS-Policy namespace, not a specific version.”

 

Strike wsp from the namespace table.

 

2. Remove the hard dependency from the WS-SecurityPolicy XML Schema document to a specific version of WS-Policy:

 

  <xs:complexType name="NestedPolicyType">

    <xs:sequence>

      <xs:element ref="wsp:Policy" /> <!-- remove this line -->

      <xs:any minOccurs="0" maxOccurs="unbounded" namespace="##other" processContents="lax"/>

    </xs:sequence>

    <xs:anyAttribute namespace="##any" processContents="lax" />

  </xs:complexType>

 

The extensibility point that follows will allow the use of the nested policy.

 

_______________________________________________________________________
Notice:  This email message, together with any attachments, may contain
information  of  BEA Systems,  Inc.,  its subsidiaries  and  affiliated
entities,  that may be confidential,  proprietary,  copyrighted  and/or
legally privileged, and is intended solely for the use of the individual
or entity named in this message. If you are not the intended recipient,
and have received this message in error, please immediately return this
by email and then delete it.

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]