OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

sca-policy message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Re: [sca-policy] What does this Policy @provide?



Ashok,

My thoughts are inline.....

Yours,  Mike.

Strategist - Emerging Technologies, SCA & SDO.
Co Chair OASIS SCA Assembly TC.
IBM Hursley Park, Mail Point 146, Winchester, SO21 2JN, Great Britain.
Phone & FAX: +44-1962-818014    Mobile: +44-7802-467431  
Email:  mike_edwards@uk.ibm.com



ashok malhotra <ashok.malhotra@oracle.com>

31/03/2008 23:37
Please respond to
ashok.malhotra@oracle.com

To
OASIS Policy <sca-policy@lists.oasis-open.org>
cc
Subject
Re: [sca-policy] What does this Policy @provide?





Following up on this morning's discussion here are a couple of
additional usecases.
In all cases, the question is "what does a policySet wrapping this
policy provide?"

Usecase 1
<wsp:Policy>
<wsp:ExactlyOne>
   <wsp:All>
     <!-- security assertion -->
   </wsp:All>
   <wsp:All>
      <!-- rm assertion -->
   </wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>


<mje>
This one cannot claim to provide anything.
You EITHER get some security OR you get some reliability, but you can't
be sure of getting any particular one.
</mje>

Usecase 2
<wsp:Policy>
<wsp:ExactlyOne>
   <wsp:All>
     <!-- MsgProt_WSS10_Alg128 Security assertion -->
   </wsp:All>
   <wsp:All>
      <!-- MsgProt_WSS11_Alg256 security assertion -->
   </wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>


<mje>
This one can claim @provides="confidentiality", if I correctly understand that the
assertions are encryption algorithms.  You get some form of encryption either way.
</mje>

Usecase 3:
<wsp:Policy>
<wsp:ExactlyOne>
   <wsp:All>
     <!-- MsgProt_WSS10 Security assertion -->
     <!-- rm_1_0 assertion ->    

        </wsp:All>
    <wsp:All>      
            <!-- MsgProt_WSS11 Security assertion -->
     <!-- rm_1_0 assertion ->    

        </wsp:All> </wsp:ExactlyOne>
</wsp:Policy>

<mje>
Looks like  @provides="confidentiality rmintent", where "rmintent" matches the meaning of the
RM_1_0 assertion (I can't tell which intent in the defined RM set it matches)
</mje>

Usecase 4:
<wsp:Policy> <
wsp:ExactlyOne>    
        <wsp:All>
      <!-- AuthN_SAML Security assertion -->
   </wsp:All>
   <wsp:All>
     <!-- AuthN_UserName Security assertion -->
     <!-- rm_1_1 assertion ->    

        </wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>

<mje>
The formatting of this was messed up when I received it - I hope I've put it back correctly.
Looks like @provides="authentication" in this case
</mje>


Ashok ashok malhotra wrote: > Here is a question from one of the Oracle folks. > > Consider a policySet that includes/references the following Policy > > <wsp:Policy Name="combined assertions"> >   <wsp:ExactlyOne> >     <wsp:All> >       <!-- security assertion -->
>       <!-- rm assertion -> >     </wsp:All> >     <wsp:All> >      <!-- security assertion -->
>     </wsp:All>
>   </wsp:ExactlyOne>
> </wsp:Policy>
>
> What should its @provides say?  We can dismiss this as a malformed
> Policy but
> a possible interpretation is that it @provides security and
> @mayProvide rm.
> Dave Booz has been wanting to have a discussion about Reuirements and
> Capbilities.
> This example may get that started.
>
>


--
All the best, Ashok

---------------------------------------------------------------------
To unsubscribe from this mail list, you must leave the OASIS TC that
generates this mail.  You may a link to this group and all your TCs in OASIS
at:
https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php








Unless stated otherwise above:
IBM United Kingdom Limited - Registered in England and Wales with number 741598.
Registered office: PO Box 41, North Harbour, Portsmouth, Hampshire PO6 3AU








[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]