RE: [ws-sx] WS-Policy and WS-Trust

[Michael McIntosh <mikemci@us.ibm.com>]

"Ashok Malhotra" <ashok.malhotra@oracle.com> wrote on 03/08/2007 04:55:16 
PM:

> For the record, the WS-Policy charter says that they will go into CR
> in March.  This was just completed.  The plan is to go to PR in July and 
then
> to recommendation.  Clearly, these are estimates but so far the WG 
> has done well and followed the timeline.
> 
> So, if we want to wait for PR, we have to wait 4 months.

That is the plan, but who is to say that someone won't come along at the 
last minute and vote against it? We can't be dependent on that.

> 
> All the best, Ashok
> > -----Original Message-----
> > From: Tony Gullotta [mailto:tony.gullotta@soa.com]
> > Sent: Thursday, March 08, 2007 12:55 PM
> > To: Greg Whitehead; Michael McIntosh
> > Cc: Anthony Nadalin; ws-sx
> > Subject: RE: [ws-sx] WS-Policy and WS-Trust
> > 
> > Ok. So I know this is ugly, may not be allowed, and most likely 
everyone
> > will hate it but I'll throw it out there. Can we host that version of
> > the ws-policy xsd along with the ws-sx xsds and just change the
> > schemaLocation attribute so consumers would pull that version of the
> > ws-policy xsd? Does that require a formal submission?
> > 
> > We are locked in on that version so we won't get any fixes to issues
> > that may be raised but I think that's ok.
> > 
> > Tony
> > 
> > -----Original Message-----
> > From: Greg Whitehead [mailto:greg.whitehead@hp.com]
> > Sent: Thursday, March 08, 2007 12:28 PM
> > To: Tony Gullotta; Michael McIntosh
> > Cc: Anthony Nadalin; ws-sx
> > Subject: Re: [ws-sx] WS-Policy and WS-Trust
> > 
> > As stated below, my concerns with referencing the member submission at
> > W3C
> > are:
> > 
> > 1) Is that a stable reference? Does W3C keep member submissions around
> > and publicly accessible in perpetuity?
> > 
> > 2) What is the errata process for a member submission at W3C? Is the
> > WS-Policy working group going to respond to issues with that document 
or
> > manage errata?
> > 
> > I guess another question is:
> > 
> > 3) What is the IPR policy for a member submission at W3C (as compared 
to
> > what the IPR policy will be on the final output of the WS-Policy 
working
> > group)?
> > 
> > -Greg
> > 
> > On 3/8/07 9:55 AM, "Tony Gullotta" <tony.gullotta@soa.com> wrote:
> > 
> > > I don't think 1) is good considering the input of the ws-policy
> > > representatives on the call. If they don't feel like ws-policy is
> > > close to completion, we shouldn't wait for it.
> > >
> > > 3) might be ok for ws-trust, but it won't work for 
ws-securitypolicy.
> > >
> > > I agree with what you are saying in principal for 2. I'm not sure 
why
> > > we need to "submit" that spec to OASIS though. By referencing it in
> > > our spec's and by approving our spec's, isn't that enough? When you
> > > approve ws-trust or ws-securitypolicy, you are approving the use of
> > > that ws-policy spec already.
> > >
> > > Tony
> > >
> > > -----Original Message-----
> > > From: Greg Whitehead [mailto:greg.whitehead@hp.com]
> > > Sent: Thursday, March 08, 2007 12:35 AM
> > > To: Michael McIntosh
> > > Cc: Anthony Nadalin; ws-sx
> > > Subject: Re: [ws-sx] WS-Policy and WS-Trust
> > >
> > > I realize it's painful to be having this discussion at this late 
stage
> > 
> > > in the process, but the fact of the matter is that the process is
> > > there to ensure the quality of the work that this TC produces.
> > >
> > > I, for one, had lost track of this issue and I share the concern
> > > raised with the no vote about having a normative reference in an 
Oasis
> > 
> > > spec to another spec that is not itself the final product of Oasis 
or
> > > any other standards body. Is there even any precedent for this in
> > Oasis?
> > >
> > > My concerns are largely practical: where will people go to obtain 
the
> > > authoritative copy of the version of the WS-Policy spec that we are
> > > referencing? Who will manage errata for that version of the 
WS-Policy
> > > spec if we discover problems down the road?
> > >
> > > I think there are several responsible options:
> > >
> > > 1) Wait for W3C to finalize WS-Policy and reference that final
> > version.
> > >
> > > 2) Solicit the submission of the version of WS-Policy that we are
> > > referencing to Oasis WSSX and vote it to CS along with our specs.
> > > We're implicitly doing this anyway by including a normative 
reference
> > to it.
> > >
> > > 3) Copy the schema for wsp:AppliesTo into WS-Trust (as 
wst:AppliesTo)
> > > and drop the references to wsp:Policy and wsp:PolicyReference until
> > > W3C finalizes WS-Policy, at which time we can come out with a new
> > > version of WS-Trust that adds them back.
> > >
> > > -Greg
> > >
> > > On 3/7/07 6:23 PM, "Michael McIntosh" <mikemci@us.ibm.com> wrote:
> > >
> > >> I think its clear that the intended effect of the commented out 
part
> > >> of the WS-Trust schema is to match with what the specification
> > >> describes in text.
> > >> It was commented to avoid an overly strict interpretation of 
ordering
> > 
> > >> of elements.
> > >> It is also clear that,  for any hope of interoperability, message
> > >> producer and message consumer must use/expect same namespace.
> > >> We cannot include a vague reference to an undefined WS-Policy
> > >> namespace - or implementions will not be interoperable.
> > >> We cannot change to a new namespace and in good faith claim to have
> > >> demonstrated interoperability.
> > >> If we decide to change now to the latest WS-Policy draft - what do 
we
> > 
> > >> do when by the time we get around to last day of next member vote
> > >> WS-Policy's latest draft has changed again?
> > >> We cannot continue this cycle until WS-Policy completes its work - 
we
> > 
> > >> should put stake in ground now with what we have proven works now 
and
> > 
> > >> revise later when WS-Policy reaches closure.
> > >> Members of this TC were aware of or should have been aware of this
> > >> issue all along, one no vote by non-participant member on issue 
that
> > >> was discussed and addressed in the TC should not cause TC
> > >> dramatically
> > >
> > >> change its plans and schedule for delivery.
> > >>
> > >> Regards,
> > >> Mike
> > >>
> > >> Greg Whitehead <greg.whitehead@hp.com> wrote on 03/07/2007 06:00:32
> > > PM:
> > >>
> > >>> If you look more carefully you?ll notice that the wsp namespace
> > >>> declaration is not used (outside of comments), so it has no impact
> > >>> on
> > >
> > >>> the schema.
> > >>>
> > >>> -Greg
> > >>>
> > >>> On 3/7/07 4:39 PM, "Anthony Nadalin" <drsecure@us.ibm.com> wrote:
> > >>
> > >>> I just looked at the schema on the web site and I show it there
> > >>> -----------------
> > >>> Sent from my BlackBerry Handheld.
> > >>>
> > >>>  ----- Original Message -----
> > >>>  From: Greg Whitehead [greg.whitehead@hp.com]
> > >>>  Sent: 03/07/2007 03:36 PM
> > >>>  To: Anthony Nadalin
> > >>>  Cc: ws-sx <ws-sx@lists.oasis-open.org>
> > >>>  Subject: Re: [ws-sx] WS-Policy and WS-Trust
> > >>>
> > >>> As I said before, there is no wsp:Policy element declared in the 
WS-
> > 
> > >>> Trust schema file (the only mention of wsp:Policy is in a 
comment).
> > >>> The content model of RST and RSTR is xs:any.
> > >>>
> > >>> -Greg
> > >>>
> > >>>
> > >>> On 3/7/07 4:32 PM, "Anthony Nadalin" <drsecure@us.ibm.com> wrote:
> > >>
> > >>> In the namespace declaration to resolve the wsp:Policy element
> > >>> -----------------
> > >>> Sent from my BlackBerry Handheld.
> > >>>
> > >>>  ----- Original Message -----
> > >>>  From: Greg Whitehead [greg.whitehead@hp.com]
> > >>>  Sent: 03/07/2007 03:24 PM
> > >>>  To: Anthony Nadalin
> > >>>  Cc: ws-sx <ws-sx@lists.oasis-open.org>
> > >>>  Subject: Re: [ws-sx] WS-Policy and WS-Trust
> > >>>
> > >>> Perhaps you can point to where it is expressed in the schema. I
> > >>> certainly don?t see it.
> > >>>
> > >>> -Greg
> > >>>
> > >>>
> > >>> On 3/7/07 4:22 PM, "Anthony Nadalin" <drsecure@us.ibm.com> wrote:
> > >>
> > >>> They are expressed in the schema so I'm not following your claim 
as
> > >>> it has to resolve the scheama use of wsp:Policy
> > >>> -----------------
> > >>> Sent from my BlackBerry Handheld.
> > >>>
> > >>>  ----- Original Message -----
> > >>>  From: Greg Whitehead [greg.whitehead@hp.com]
> > >>>  Sent: 03/07/2007 03:13 PM
> > >>>  To: Anthony Nadalin
> > >>>  Cc: <ws-sx@lists.oasis-open.org>
> > >>>  Subject: Re: [ws-sx] WS-Policy and WS-Trust
> > >>>
> > >>> I?m just saying that the only normative reference to the WS-Policy
> > >>> namespace, or even that wsp:Policy is legal content in an RST, is 
in
> > 
> > >>> the text of the spec.
> > >>>
> > >>> On the call today it was claimed that these dependencies were
> > >>> expressed in the WS-Trust schema and that doesn?t seem to be the
> > > case.
> > >>>
> > >>> -Greg
> > >>>
> > >>> On 3/7/07 1:55 PM, "Anthony Nadalin" <drsecure@us.ibm.com> wrote:
> > >>
> > >>> I don't think that is quite the case, we need a normative 
reference
> > >>> to resolve wsp:Policy, so where are we to find this, so the 
binding
> > >>> is normative now as an explicit namespace is used
> > >>>
> > >>> Anthony Nadalin | Work 512.838.0085 | Cell 512.289.4122 [image
> > >>> removed] Greg Whitehead <greg.whitehead@hp.com>
> > >>>
> > >>
> > >>> Greg Whitehead <greg.whitehead@hp.com> 03/07/2007 12:01 PM [image
> > >>> removed] To [image removed] <ws-sx@lists.oasis-open.org> [image
> > >>> removed] cc [image removed] [image removed] Subject [image 
removed]
> > >>> [ws-sx] WS-Policy and WS-Trust [image removed] [image removed] I
> > >>> just
> > >
> > >>> took a look at ws-trust-1.3.xsd and the content model for RST and
> > >>> RSTR is already <xs:any> (the wsp namespace is declared in the xsd
> > >>> file,
> > >> but
> > >>> it is ONLY used in comments).
> > >>>
> > >>> So, for what it's worth, the only binding to a particular version 
of
> > 
> > >>> WS-Policy is in the normative text of the spec.
> > >>>
> > >>> -Greg
> > >>>
> > >>>
> > >>
> > >>>
> > >>
> > >>>
> > >>
> > >>>
> > >>
> > >
> > 
>