RE: [ws-sx] WS-Policy and WS-Trust

["Ashok Malhotra" <ashok.malhotra@oracle.com>]

For the record, the WS-Policy charter says that they will go into CR in March.  This was just completed.  The plan is to go to PR in July and then
to recommendation.  Clearly, these are estimates but so far the WG has done well and followed the timeline.

So, if we want to wait for PR, we have to wait 4 months.

All the best, Ashok
> -----Original Message-----
> From: Tony Gullotta [mailto:tony.gullotta@soa.com]
> Sent: Thursday, March 08, 2007 12:55 PM
> To: Greg Whitehead; Michael McIntosh
> Cc: Anthony Nadalin; ws-sx
> Subject: RE: [ws-sx] WS-Policy and WS-Trust
> 
> Ok. So I know this is ugly, may not be allowed, and most likely everyone
> will hate it but I'll throw it out there. Can we host that version of
> the ws-policy xsd along with the ws-sx xsds and just change the
> schemaLocation attribute so consumers would pull that version of the
> ws-policy xsd? Does that require a formal submission?
> 
> We are locked in on that version so we won't get any fixes to issues
> that may be raised but I think that's ok.
> 
> Tony
> 
> -----Original Message-----
> From: Greg Whitehead [mailto:greg.whitehead@hp.com]
> Sent: Thursday, March 08, 2007 12:28 PM
> To: Tony Gullotta; Michael McIntosh
> Cc: Anthony Nadalin; ws-sx
> Subject: Re: [ws-sx] WS-Policy and WS-Trust
> 
> As stated below, my concerns with referencing the member submission at
> W3C
> are:
> 
> 1) Is that a stable reference? Does W3C keep member submissions around
> and publicly accessible in perpetuity?
> 
> 2) What is the errata process for a member submission at W3C? Is the
> WS-Policy working group going to respond to issues with that document or
> manage errata?
> 
> I guess another question is:
> 
> 3) What is the IPR policy for a member submission at W3C (as compared to
> what the IPR policy will be on the final output of the WS-Policy working
> group)?
> 
> -Greg
> 
> On 3/8/07 9:55 AM, "Tony Gullotta" <tony.gullotta@soa.com> wrote:
> 
> > I don't think 1) is good considering the input of the ws-policy
> > representatives on the call. If they don't feel like ws-policy is
> > close to completion, we shouldn't wait for it.
> >
> > 3) might be ok for ws-trust, but it won't work for ws-securitypolicy.
> >
> > I agree with what you are saying in principal for 2. I'm not sure why
> > we need to "submit" that spec to OASIS though. By referencing it in
> > our spec's and by approving our spec's, isn't that enough? When you
> > approve ws-trust or ws-securitypolicy, you are approving the use of
> > that ws-policy spec already.
> >
> > Tony
> >
> > -----Original Message-----
> > From: Greg Whitehead [mailto:greg.whitehead@hp.com]
> > Sent: Thursday, March 08, 2007 12:35 AM
> > To: Michael McIntosh
> > Cc: Anthony Nadalin; ws-sx
> > Subject: Re: [ws-sx] WS-Policy and WS-Trust
> >
> > I realize it's painful to be having this discussion at this late stage
> 
> > in the process, but the fact of the matter is that the process is
> > there to ensure the quality of the work that this TC produces.
> >
> > I, for one, had lost track of this issue and I share the concern
> > raised with the no vote about having a normative reference in an Oasis
> 
> > spec to another spec that is not itself the final product of Oasis or
> > any other standards body. Is there even any precedent for this in
> Oasis?
> >
> > My concerns are largely practical: where will people go to obtain the
> > authoritative copy of the version of the WS-Policy spec that we are
> > referencing? Who will manage errata for that version of the WS-Policy
> > spec if we discover problems down the road?
> >
> > I think there are several responsible options:
> >
> > 1) Wait for W3C to finalize WS-Policy and reference that final
> version.
> >
> > 2) Solicit the submission of the version of WS-Policy that we are
> > referencing to Oasis WSSX and vote it to CS along with our specs.
> > We're implicitly doing this anyway by including a normative reference
> to it.
> >
> > 3) Copy the schema for wsp:AppliesTo into WS-Trust (as wst:AppliesTo)
> > and drop the references to wsp:Policy and wsp:PolicyReference until
> > W3C finalizes WS-Policy, at which time we can come out with a new
> > version of WS-Trust that adds them back.
> >
> > -Greg
> >
> > On 3/7/07 6:23 PM, "Michael McIntosh" <mikemci@us.ibm.com> wrote:
> >
> >> I think its clear that the intended effect of the commented out part
> >> of the WS-Trust schema is to match with what the specification
> >> describes in text.
> >> It was commented to avoid an overly strict interpretation of ordering
> 
> >> of elements.
> >> It is also clear that,  for any hope of interoperability, message
> >> producer and message consumer must use/expect same namespace.
> >> We cannot include a vague reference to an undefined WS-Policy
> >> namespace - or implementions will not be interoperable.
> >> We cannot change to a new namespace and in good faith claim to have
> >> demonstrated interoperability.
> >> If we decide to change now to the latest WS-Policy draft - what do we
> 
> >> do when by the time we get around to last day of next member vote
> >> WS-Policy's latest draft has changed again?
> >> We cannot continue this cycle until WS-Policy completes its work - we
> 
> >> should put stake in ground now with what we have proven works now and
> 
> >> revise later when WS-Policy reaches closure.
> >> Members of this TC were aware of or should have been aware of this
> >> issue all along, one no vote by non-participant member on issue that
> >> was discussed and addressed in the TC should not cause TC
> >> dramatically
> >
> >> change its plans and schedule for delivery.
> >>
> >> Regards,
> >> Mike
> >>
> >> Greg Whitehead <greg.whitehead@hp.com> wrote on 03/07/2007 06:00:32
> > PM:
> >>
> >>> If you look more carefully you?ll notice that the wsp namespace
> >>> declaration is not used (outside of comments), so it has no impact
> >>> on
> >
> >>> the schema.
> >>>
> >>> -Greg
> >>>
> >>> On 3/7/07 4:39 PM, "Anthony Nadalin" <drsecure@us.ibm.com> wrote:
> >>
> >>> I just looked at the schema on the web site and I show it there
> >>> -----------------
> >>> Sent from my BlackBerry Handheld.
> >>>
> >>>  ----- Original Message -----
> >>>  From: Greg Whitehead [greg.whitehead@hp.com]
> >>>  Sent: 03/07/2007 03:36 PM
> >>>  To: Anthony Nadalin
> >>>  Cc: ws-sx <ws-sx@lists.oasis-open.org>
> >>>  Subject: Re: [ws-sx] WS-Policy and WS-Trust
> >>>
> >>> As I said before, there is no wsp:Policy element declared in the WS-
> 
> >>> Trust schema file (the only mention of wsp:Policy is in a comment).
> >>> The content model of RST and RSTR is xs:any.
> >>>
> >>> -Greg
> >>>
> >>>
> >>> On 3/7/07 4:32 PM, "Anthony Nadalin" <drsecure@us.ibm.com> wrote:
> >>
> >>> In the namespace declaration to resolve the wsp:Policy element
> >>> -----------------
> >>> Sent from my BlackBerry Handheld.
> >>>
> >>>  ----- Original Message -----
> >>>  From: Greg Whitehead [greg.whitehead@hp.com]
> >>>  Sent: 03/07/2007 03:24 PM
> >>>  To: Anthony Nadalin
> >>>  Cc: ws-sx <ws-sx@lists.oasis-open.org>
> >>>  Subject: Re: [ws-sx] WS-Policy and WS-Trust
> >>>
> >>> Perhaps you can point to where it is expressed in the schema. I
> >>> certainly don?t see it.
> >>>
> >>> -Greg
> >>>
> >>>
> >>> On 3/7/07 4:22 PM, "Anthony Nadalin" <drsecure@us.ibm.com> wrote:
> >>
> >>> They are expressed in the schema so I'm not following your claim as
> >>> it has to resolve the scheama use of wsp:Policy
> >>> -----------------
> >>> Sent from my BlackBerry Handheld.
> >>>
> >>>  ----- Original Message -----
> >>>  From: Greg Whitehead [greg.whitehead@hp.com]
> >>>  Sent: 03/07/2007 03:13 PM
> >>>  To: Anthony Nadalin
> >>>  Cc: <ws-sx@lists.oasis-open.org>
> >>>  Subject: Re: [ws-sx] WS-Policy and WS-Trust
> >>>
> >>> I?m just saying that the only normative reference to the WS-Policy
> >>> namespace, or even that wsp:Policy is legal content in an RST, is in
> 
> >>> the text of the spec.
> >>>
> >>> On the call today it was claimed that these dependencies were
> >>> expressed in the WS-Trust schema and that doesn?t seem to be the
> > case.
> >>>
> >>> -Greg
> >>>
> >>> On 3/7/07 1:55 PM, "Anthony Nadalin" <drsecure@us.ibm.com> wrote:
> >>
> >>> I don't think that is quite the case, we need a normative reference
> >>> to resolve wsp:Policy, so where are we to find this, so the binding
> >>> is normative now as an explicit namespace is used
> >>>
> >>> Anthony Nadalin | Work 512.838.0085 | Cell 512.289.4122 [image
> >>> removed] Greg Whitehead <greg.whitehead@hp.com>
> >>>
> >>
> >>> Greg Whitehead <greg.whitehead@hp.com> 03/07/2007 12:01 PM [image
> >>> removed] To [image removed] <ws-sx@lists.oasis-open.org> [image
> >>> removed] cc [image removed] [image removed] Subject [image removed]
> >>> [ws-sx] WS-Policy and WS-Trust [image removed] [image removed] I
> >>> just
> >
> >>> took a look at ws-trust-1.3.xsd and the content model for RST and
> >>> RSTR is already <xs:any> (the wsp namespace is declared in the xsd
> >>> file,
> >> but
> >>> it is ONLY used in comments).
> >>>
> >>> So, for what it's worth, the only binding to a particular version of
> 
> >>> WS-Policy is in the normative text of the spec.
> >>>
> >>> -Greg
> >>>
> >>>
> >>
> >>>
> >>
> >>>
> >>
> >>>
> >>
> >
>