ws-sx message
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [List Home]
Subject: RE: [ws-sx] Issue 48: Revised proposal
- From: "Tony Gullotta" <tony.gullotta@soa.com>
- To: "Anthony Nadalin" <drsecure@us.ibm.com>
- Date: Tue, 18 Apr 2006 09:50:32 -0700
I don't know that "MAY" in your first statement is enough
for an implementer of the spec to be sure they don't have to worry about the
merge situation. If we say "MUST" then we may screw up other assertions that can
apply to multiple subjects, or do you think it applies for all assertion
types?
I think that we should just make a general statement which would be along the
lines of:
Assertions MAY only apply to one [Policy
Subject].
and then have the change in the
specific assertion changed to:
This assertion
SHOULD apply to [Endpoint Policy Subject].
Anthony Nadalin |
Work 512.838.0085 | Cell 512.289.4122
"Tony Gullotta"
<tony.gullotta@soa.com>
"Tony Gullotta"
<tony.gullotta@soa.com>
04/12/2006 01:24 PM |
|
I have refined my initial proposal based on discussions at the F2F.
To avoid the complexities of defining special rules for merging multiple binding
assertions I propose that binding assertions should apply to either the endpoint
or the operation, but not both. I've included some proposed text based on the
ws-securitypolicy spec version http://www.oasis-open.org/apps/org/workgroup/ws-sx/download.php/16289/ws-securitypolicy-1.2-spec-ed-01-r04.pdf.
Section 7.4
lines 1529 - 1530 should be changed from:
This assertion MUST apply to [Endpoint Policy
Subject].
to:
This assertion SHOULD apply to [Endpoint
Policy Subject]. This assertion MAY apply to [Operation Policy Subject]. If this
assertion is applied to [Operation Policy Subject] it MUST NOT also be applied
to [Endpoint Policy Subject].
Section 7.5 lines 1606 - 1607 should be changed from:
This assertion MUST apply to [Endpoint Policy
Subject].
to:
This assertion SHOULD apply to [Endpoint
Policy Subject]. This assertion MAY apply to [Operation Policy Subject]. If this
assertion is applied to [Operation Policy Subject] it MUST NOT also be applied
to [Endpoint Policy Subject].
The following should be added after line 2201 in Appendix
A:
A.2.2 Security
Binding Assertions
SymmetricBindingAssertion (8.4)
AsymmetricBindingAssertion (8.5)
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [List Home]