sca-policy message
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [List Home]
Subject: Re: [sca-policy] What does this Policy @provide?
- From: Mike Edwards <mike_edwards@uk.ibm.com>
- To: "OASIS Policy" <sca-policy@lists.oasis-open.org>
- Date: Tue, 1 Apr 2008 14:30:03 +0100
Ashok,
My thoughts are inline.....
Yours, Mike.
Strategist - Emerging Technologies, SCA & SDO.
Co Chair OASIS SCA Assembly TC.
IBM Hursley Park, Mail Point 146, Winchester, SO21 2JN, Great Britain.
Phone & FAX: +44-1962-818014 Mobile: +44-7802-467431
Email: mike_edwards@uk.ibm.com
ashok malhotra <ashok.malhotra@oracle.com>
31/03/2008 23:37
Please respond to
ashok.malhotra@oracle.com |
|
To
| OASIS Policy <sca-policy@lists.oasis-open.org>
|
cc
|
|
Subject
| Re: [sca-policy] What does this Policy
@provide? |
|
Following up on this morning's discussion here are
a couple of
additional usecases.
In all cases, the question is "what does a policySet wrapping this
policy provide?"
Usecase 1
<wsp:Policy>
<wsp:ExactlyOne>
<wsp:All>
<!-- security assertion -->
</wsp:All>
<wsp:All>
<!-- rm assertion -->
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
<mje>
This one cannot claim to
provide anything.
You EITHER get some security
OR you get some reliability, but you can't
be sure of getting any
particular one.
</mje>
Usecase 2
<wsp:Policy>
<wsp:ExactlyOne>
<wsp:All>
<!-- MsgProt_WSS10_Alg128 Security assertion -->
</wsp:All>
<wsp:All>
<!-- MsgProt_WSS11_Alg256 security assertion -->
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
<mje>
This one can claim @provides="confidentiality",
if I correctly understand that the
assertions are encryption
algorithms. You get some form of encryption either way.
</mje>
Usecase 3:
<wsp:Policy>
<wsp:ExactlyOne>
<wsp:All>
<!-- MsgProt_WSS10 Security assertion -->
<!-- rm_1_0 assertion ->
</wsp:All>
<wsp:All>
<!-- MsgProt_WSS11 Security
assertion -->
<!-- rm_1_0 assertion ->
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
<mje>
Looks like @provides="confidentiality
rmintent", where "rmintent" matches the meaning of the
RM_1_0 assertion (I can't
tell which intent in the defined RM set it matches)
</mje>
Usecase 4:
<wsp:Policy>
<
wsp:ExactlyOne>
<wsp:All>
<!-- AuthN_SAML Security assertion
-->
</wsp:All>
<wsp:All>
<!-- AuthN_UserName Security assertion -->
<!-- rm_1_1 assertion ->
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
<mje>
The formatting of this
was messed up when I received it - I hope I've put it back correctly.
Looks like @provides="authentication"
in this case
</mje>
Ashok
ashok malhotra wrote:
> Here is a question from one of the Oracle folks.
>
> Consider a policySet that includes/references the following Policy
>
> <wsp:Policy Name="combined assertions">
> <wsp:ExactlyOne>
> <wsp:All>
> <!-- security assertion -->
> <!-- rm assertion ->
> </wsp:All>
> <wsp:All>
> <!-- security assertion -->
> </wsp:All>
> </wsp:ExactlyOne>
> </wsp:Policy>
>
> What should its @provides say? We can dismiss this as a malformed
> Policy but
> a possible interpretation is that it @provides security and
> @mayProvide rm.
> Dave Booz has been wanting to have a discussion about Reuirements
and
> Capbilities.
> This example may get that started.
>
>
--
All the best, Ashok
---------------------------------------------------------------------
To unsubscribe from this mail list, you must leave the OASIS TC that
generates this mail. You may a link to this group and all your TCs
in OASIS
at:
https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php
Unless stated otherwise above:
IBM United Kingdom Limited - Registered in England and Wales with number
741598.
Registered office: PO Box 41, North Harbour, Portsmouth, Hampshire PO6
3AU
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [List Home]