Re: WS-Policy?

[Anthony Nadalin <drsecure@us.ibm.com>]

>You have now referred to WS-Policy, presumably meaning the WS-Policy
Framework and WS-Policy Attachment documents on which you are listed as a
co-author, a few >itimes in messages to the SSTC as though you think it has
some relevance to our work.  Can you explain what relevance you think it
has?

Yes I mean WS-Policy Framework and the set of family specifications. I
think that WS-Policy is relevant to all specifications that linger into the
Web services area, which the WSS-TC seems to be doing as some of the
Liberty Alliance ID-WSF specifications are being talked about.

WS-Policy provides a general purpose model and corresponding syntax to
describe and communicate the policies of a Web Service.  It defines a base
set of constructs that can be used and extended by other Web Services
specifications to describe a broad range of service requirements,
preferences, capabilities, etc.

The Web service specifications (WS-*) are designed to be composed with each
other to provide a rich set of tools to provide security in the Web
Services environment. WS-Policy by itself does not provide a policy
negotiation solution for Web services, this is provided by
WS-MetadataExchange.  WS-Policy and family specifications form the policy
framework that is used in conjunction with other Web service and
application-specific protocols and specifications to accommodate a wide
variety of policy exchange models.

WS-Policy provides a framework which other specifications can extend.
Extensions may specify assertions that contain scope, preconditions,
business value and decision. these can be used to guide the behavior of
“decision makers”; “decision makers”, in turn, guide the behavior of
“resource managers” by issuing the decisions specified by the assertions.

WS-Policy defines how policy is advertised.  One example is may be  that
you define a “decision federator” that is responsible for storing policies
and distributing them to various decision makers.

In summary, WS-Policy provides a framework into which other policy
assertions can be inserted (i.e. XACML).

Anthony Nadalin | work 512.436.9568 | cell 512.289.4122


|---------+---------------------------->
|         |           "RL 'Bob' Morgan"|
|         |           <rlmorgan@washing|
|         |           ton.edu>         |
|         |                            |
|         |           10/15/2003 11:49 |
|         |           PM               |
|---------+---------------------------->
  >----------------------------------------------------------------------------------------------------------------------------------------------|
  |                                                                                                                                              |
  |       To:       Anthony Nadalin/Austin/IBM@IBMUS                                                                                             |
  |       cc:       OASIS Security Services TC <security-services@lists.oasis-open.org>                                                          |
  |       Subject:  WS-Policy?                                                                                                                   |
  >----------------------------------------------------------------------------------------------------------------------------------------------|





On Wed, 15 Oct 2003, Anthony Nadalin wrote:

> This is a prime example of policy (WS-Policy), not authentication
> context as it goes beyond authentication

Tony:

You have now referred to WS-Policy, presumably meaning the WS-Policy
Framework and WS-Policy Attachment documents on which you are listed as a
co-author, a few times in messages to the SSTC as though you think it has
some relevance to our work.  Can you explain what relevance you think it
has?

 - RL "Bob"