Re: [sca-bindings] [BINDINGS-161]: BWS50015's target is a WSDL 1.1.document, is that appropriate?

[Anish Karmarkar <Anish.Karmarkar@oracle.com>]

I won't push back wrt this direction, but these sort of SHOULDs are part 
of the boilerplate not only for Webservices specs but also IETF RFCs. It 
would be a shame to see these sacrificed at the altar of 'exit criteria'.

-Anish
--

On 5/12/2011 3:38 AM, Mike Edwards wrote:
>
> Folks,
>
> I'm in favour of removing this as a normative statement. I also note
> that the same issue applies both
> to BWS50014 and BWS50015 so I think that this issue should deal with
> both of them.
>
> So my proposal is as follows:
>
> Replace the normative statements [BWS50014] and [BWS50015] with the
> following text:
>
> "It is good practice for Policies and Assertions to be signed to prevent
> tampering. It is acceptable for
> an SCA runtime to reject a Policy that is not signed or where there is
> no associated security token
> which indicates that the signer has appropriate claims for the policy."
>
>
>
> Yours, Mike
> ------------------------------------------------------------------------
> Dr Mike Edwards 	Mail Point 137, Hursley Park 	
> STSM 	Winchester, Hants SO21 2JN
> SCA & Services Standards 	United Kingdom
> Co-Chair OASIS SCA Assembly TC 		
> IBM Software Group 		
> Phone: 	+44-1962 818014 		
> Mobile: 	+44-7802-467431 (274097) 		
> e-mail: 	mike_edwards@uk.ibm.com 		
>
>
>
>
>
> From: 	Anish Karmarkar <Anish.Karmarkar@oracle.com>
> To: 	OASIS Bindings <sca-bindings@lists.oasis-open.org>
> Date: 	12/05/2011 05:58
> Subject: 	[sca-bindings] NEW ISSUE: BWS50015's target is a WSDL 1.1.
> document, is that appropriate?
>
>
> ------------------------------------------------------------------------
>
>
>
> Title: BWS50015's target is a WSDL 1.1. document, is that appropriate?
>
> Spec: sca-wsbinding-1.1-spec-cd04
>
> Description:
>
> BWS50015 states --
> Policies and assertions SHOULD be signed to prevent tampering. [BWS50014]
>
> We haven't defined WSDL 1.1 as a conformance target. Furthermore,
> policies can be inlined in a WSDL document or referenced.
>
> Proposal:
>
> We could go one of two ways, we could define WSDL 1.1 as a target
> OR
> we could refactor this to state that policy assertions ought to be
> signed without using RFC2119 keywords, and add a requirement that says
> that for a SCA WS Binding XML document to be conformant any policy
> referenced (directly or indirectly) SHOULD be signed.
> OR
> we could just remove the SHOULD altogether and just talk about this
> without 2119 keywords.
>
> -Anish
> --
>
> ---------------------------------------------------------------------
> To unsubscribe from this mail list, you must leave the OASIS TC that
> generates this mail. Follow this link to all your TCs in OASIS at:
> https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php
>
> ---------------------------------------------------------------------
> To unsubscribe from this mail list, you must leave the OASIS TC that
> generates this mail. Follow this link to all your TCs in OASIS at:
> https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php
>
>
>
>
>
>
> ------------------------------------------------------------------------
>
> /
> /
>
> /Unless stated otherwise above:
> IBM United Kingdom Limited - Registered in England and Wales with number
> 741598.
> Registered office: PO Box 41, North Harbour, Portsmouth, Hampshire PO6 3AU/
>
>
>
>
>
>