Subject: Weak TA predicates, again


 
Some cases have been brought up recently (NIST action item from OASIS
TAG TC teleconference, and WS-I), where the TA predicate is
intentionally weak in terms of indicating fulfillment/violation to the
normative statement, for testability reasons.

In other words, some of the predicate outcomes may be inconclusive w/r
to the addressed requirement, by the very nature of the predicate
design.


---------- WS-I example:

Normative source: The signature element contains a key ref that ..., and
either (a) the signature signs directly the (message) Body, or (b) signs
another sig element with same key ref, that itself references the Body.

Target: a SOAP message Envelope that belongs to a secured RM sequence. 

The problem with the requirement is that just by looking at messages
over the wire, one can tell if D-Sig elements reference the Body, but
one cannot tell if in the subcase (b), the SAME signature has been used
for signing this chain of signatures...

Consequently, the predicate has been made weaker to make sure it is
testable in the assumed test environment (and also written for a
negative test here):

TA predicate: (negative case) the sig element that signs the sequence
Header, does not also reference the Body AND there is no other sig
element that signs the body 

-------------- NIST examples ---------

Computer Graphics Metafile standard and TAs for examples:

Case (A) 
Normative statement: Polyline.  Parameters (nP).  Description: A line is
drawn from the first point in the parameter list to the second point,
from the second point to the next point, ... and from the next-to-last
point to the last point.

TA predicate: A polyline has at least 2 points

Note: the predicate is built as a logical conclusion, that the number of
points in a polyline is at least 2. It is not a good indicator of
fulfilment of the normative requirement, only of its violation.

Case (B) 
Normative statement (i):  Begin Segment.  Description: This is the first
element of a segment.  All subsequent elements until the next End
Segment will belong to this segment.
Normative statement (ii): End Segment. Description: This is the last
element of a segment.

TA predicate: Segments are delimited by Begin/End Segment elements.

Note: as you can see, this is also a logical conclusion (but an
observable or testable one) from the statement(s). From such a predicate
we can only infer the violation of the normative statement considered as
specifying "segment", when a "false" outcome. Nothing from a "true"
outcome.

----------------------------------------------

In such cases, it appears we would need some additional info in the TA
to capture the relationship between the predicate and the normative
source, i.e. what the predicate means about requirement fulfillment?

Jacques
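As an added illustration (not part of Jacques' message, nor code from the OASIS TAG TC, NIST or WS-I), the three predicates above can be encoded with the extra information the message asks for, modelled here as two assumed flags: `negative` (a "true" outcome signals violation, as in the WS-I predicate) and `sufficient` (the non-violating outcome also proves fulfilment). The element names `BeginSegment`/`EndSegment`, the envelope dictionary and the ids `SequenceHeader`/`Body` are constructed for the example.

```python
from dataclasses import dataclass
from typing import Any, Callable

VIOLATED, FULFILLED, INCONCLUSIVE = "violated", "fulfilled", "inconclusive"

@dataclass
class TestAssertion:
    # Assumed extra TA metadata: what a predicate outcome says about the requirement.
    ta_id: str
    predicate: Callable[[Any], bool]
    negative: bool = False    # True: a 'true' predicate outcome signals violation
    sufficient: bool = False  # True: the non-violating outcome also proves fulfilment

    def evaluate(self, target: Any) -> str:
        hit = self.predicate(target)
        violated = hit if self.negative else not hit
        if violated:
            return VIOLATED
        return FULFILLED if self.sufficient else INCONCLUSIVE

# CGM case (A): a line from point to point cannot be drawn with fewer than 2 points.
def polyline_has_two_points(points: list) -> bool:
    return len(points) >= 2

# CGM case (B): each Begin Segment is closed by an End Segment; no nesting, no stray End.
def segments_delimited(elements: list) -> bool:
    open_segment = False
    for el in elements:
        if el == "BeginSegment":
            if open_segment:
                return False
            open_segment = True
        elif el == "EndSegment":
            if not open_segment:
                return False
            open_segment = False
    return not open_segment

# WS-I case, negative form as in the message. Constructed envelope model: a list of
# signatures, each with the set of element ids it references. A 'false' outcome is
# inconclusive because the key-ref chain of subcase (b) is not checked on the wire.
def header_sig_misses_body(envelope: dict) -> bool:
    sigs = envelope["signatures"]
    header_sig = next((s for s in sigs if "SequenceHeader" in s["refs"]), None)
    if header_sig is None or "Body" in header_sig["refs"]:
        return False
    return not any("Body" in s["refs"] for s in sigs if s is not header_sig)
```

With `sufficient=False` (the three cases in the message) the evaluator can only ever report "violated" or "inconclusive"; only a predicate declared sufficient yields "fulfilled".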
