Subject: Weak TA predicates, again
Some cases have been brought up recently (NIST action item from OASIS TAG TC teleconference, and WS-I), where the TA predicate is intentionally weak in terms of indicating fulfillment/violation of the normative statement, for testability reasons. In other words, some of the predicate outcomes may be inconclusive w/r to the addressed requirement, by the very nature of the predicate design.

----------

WS-I example:

Normative source: The signature element contains a key ref that ..., and either (a) the signature signs directly the (message) Body, or (b) signs another sig element with the same key ref, that itself references the Body.

Target: a SOAP message Envelope that belongs to a secured RM sequence.

The problem with the requirement is that just by looking at messages over the wire, one can tell if D-Sig elements reference the Body, but one cannot tell if, in subcase (b), the SAME signature has been used for signing this chain of signatures... Consequently, the predicate has been made weaker to make sure it is testable in the assumed test environment (and also written for a negative test here):

TA predicate: (negative case) the sig element that signs the sequence Header does not also reference the Body AND there is no other sig element that signs the Body.

--------------

NIST examples

---------

Computer Graphics Metafile standard and TAs for examples:

Case (A)

Normative statement: Polyline. Parameters (nP). Description: A line is drawn from the first point in the parameter list to the second point, from the second point to the next point, ... and from the next-to-last point to the last point.

TA predicate: A polyline has at least 2 points.

Note: the predicate is built as a logical conclusion, that the number of points in a polyline is at least 2. It is not a good indicator of fulfillment of the normative requirement, only of its violation.

Case (B)

Normative statement (i): Begin Segment. Description: This is the first element of a segment. All subsequent elements until the next End Segment will belong to this segment.

Normative statement (ii): End Segment. Description: This is the last element of a segment.

TA predicate: Segments are delimited by Begin/End Segment elements.

Note: as you can see, this is also a logical conclusion (but an observable or testable one) from the statement(s). From such a predicate we can only infer the violation of the normative statement considered as specifying "segment", when a "false" outcome. Nothing from a "true" outcome.

----------------------------------------------

In such cases, it appears we would need some additional info in the TA to capture the relationship between the predicate and the normative source, i.e. what the predicate means about requirement fulfillment?

Jacques
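An added example (not from the post or the TAG TC) of the weak-predicate semantics described above: the WS-I negative-case predicate and the CGM polyline predicate are evaluated on wire-visible data only, and their outcome is mapped to what it actually proves about the requirement, violation or nothing. The `Signature` model and the sample envelopes are constructed here for illustration.

```python
from dataclasses import dataclass
from enum import Enum


class Verdict(Enum):
    """What a weak TA predicate can say about the normative requirement."""
    VIOLATED = "violated"          # predicate false: requirement definitely not met
    INCONCLUSIVE = "inconclusive"  # predicate true: fulfilment not decidable by this test


def weak_verdict(predicate_holds: bool) -> Verdict:
    """Weak predicate: a 'false' outcome proves violation, a 'true' outcome proves nothing."""
    return Verdict.INCONCLUSIVE if predicate_holds else Verdict.VIOLATED


@dataclass(frozen=True)
class Signature:
    """Constructed model of a ds:Signature: the element ids it references."""
    sig_id: str
    key_ref: str
    references: frozenset


def ws_i_predicate(signatures) -> bool:
    """Positive form of the post's negative predicate, using only what is visible on the wire:
    the signature over the sequence Header also references the Body, OR some other
    signature signs the Body. Whether that other signature is chained with the same
    key (subcase b) cannot be checked here, so True is not proof of fulfilment."""
    header_sigs = [s for s in signatures if "SequenceHeader" in s.references]
    body_sigs = [s for s in signatures if "Body" in s.references]
    if any(s in body_sigs for s in header_sigs):
        return True
    return bool(body_sigs)


def ws_i_verdict(signatures) -> Verdict:
    return weak_verdict(ws_i_predicate(signatures))


def polyline_verdict(points) -> Verdict:
    """CGM Case (A): 'a polyline has at least 2 points'."""
    return weak_verdict(len(points) >= 2)


# Constructed sample envelopes (not taken from the post)
HEADER_ONLY = [Signature("sig1", "key-A", frozenset({"SequenceHeader"}))]
DIRECT = [Signature("sig1", "key-A", frozenset({"SequenceHeader", "Body"}))]
CHAINED = [Signature("sig1", "key-A", frozenset({"SequenceHeader", "sig2"})),
           Signature("sig2", "key-B", frozenset({"Body"}))]  # other key: still looks fine on the wire
```

The `CHAINED` envelope uses a different key for the second signature, yet the predicate still returns inconclusive rather than fulfilled, which is exactly the extra information the post argues the TA should record.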