Re: [ws-sx] WS-Policy and WS-Trust

[Greg Whitehead <greg.whitehead@hp.com>]

Who says we can't be dependent on that? We are dependent on the spec after
all?

-Greg

On 3/8/07 5:42 PM, "Michael McIntosh" <mikemci@us.ibm.com> wrote:

> "Ashok Malhotra" <ashok.malhotra@oracle.com> wrote on 03/08/2007 04:55:16
> PM:
> 
>> For the record, the WS-Policy charter says that they will go into CR
>> in March.  This was just completed.  The plan is to go to PR in July and
> then
>> to recommendation.  Clearly, these are estimates but so far the WG
>> has done well and followed the timeline.
>> 
>> So, if we want to wait for PR, we have to wait 4 months.
> 
> That is the plan, but who is to say that someone won't come along at the
> last minute and vote against it? We can't be dependent on that.
> 
>> 
>> All the best, Ashok
>>> -----Original Message-----
>>> From: Tony Gullotta [mailto:tony.gullotta@soa.com]
>>> Sent: Thursday, March 08, 2007 12:55 PM
>>> To: Greg Whitehead; Michael McIntosh
>>> Cc: Anthony Nadalin; ws-sx
>>> Subject: RE: [ws-sx] WS-Policy and WS-Trust
>>> 
>>> Ok. So I know this is ugly, may not be allowed, and most likely
> everyone
>>> will hate it but I'll throw it out there. Can we host that version of
>>> the ws-policy xsd along with the ws-sx xsds and just change the
>>> schemaLocation attribute so consumers would pull that version of the
>>> ws-policy xsd? Does that require a formal submission?
>>> 
>>> We are locked in on that version so we won't get any fixes to issues
>>> that may be raised but I think that's ok.
>>> 
>>> Tony
>>> 
>>> -----Original Message-----
>>> From: Greg Whitehead [mailto:greg.whitehead@hp.com]
>>> Sent: Thursday, March 08, 2007 12:28 PM
>>> To: Tony Gullotta; Michael McIntosh
>>> Cc: Anthony Nadalin; ws-sx
>>> Subject: Re: [ws-sx] WS-Policy and WS-Trust
>>> 
>>> As stated below, my concerns with referencing the member submission at
>>> W3C
>>> are:
>>> 
>>> 1) Is that a stable reference? Does W3C keep member submissions around
>>> and publicly accessible in perpetuity?
>>> 
>>> 2) What is the errata process for a member submission at W3C? Is the
>>> WS-Policy working group going to respond to issues with that document
> or
>>> manage errata?
>>> 
>>> I guess another question is:
>>> 
>>> 3) What is the IPR policy for a member submission at W3C (as compared
> to
>>> what the IPR policy will be on the final output of the WS-Policy
> working
>>> group)?
>>> 
>>> -Greg
>>> 
>>> On 3/8/07 9:55 AM, "Tony Gullotta" <tony.gullotta@soa.com> wrote:
>>> 
>>>> I don't think 1) is good considering the input of the ws-policy
>>>> representatives on the call. If they don't feel like ws-policy is
>>>> close to completion, we shouldn't wait for it.
>>>> 
>>>> 3) might be ok for ws-trust, but it won't work for
> ws-securitypolicy.
>>>> 
>>>> I agree with what you are saying in principal for 2. I'm not sure
> why
>>>> we need to "submit" that spec to OASIS though. By referencing it in
>>>> our spec's and by approving our spec's, isn't that enough? When you
>>>> approve ws-trust or ws-securitypolicy, you are approving the use of
>>>> that ws-policy spec already.
>>>> 
>>>> Tony
>>>> 
>>>> -----Original Message-----
>>>> From: Greg Whitehead [mailto:greg.whitehead@hp.com]
>>>> Sent: Thursday, March 08, 2007 12:35 AM
>>>> To: Michael McIntosh
>>>> Cc: Anthony Nadalin; ws-sx
>>>> Subject: Re: [ws-sx] WS-Policy and WS-Trust
>>>> 
>>>> I realize it's painful to be having this discussion at this late
> stage
>>> 
>>>> in the process, but the fact of the matter is that the process is
>>>> there to ensure the quality of the work that this TC produces.
>>>> 
>>>> I, for one, had lost track of this issue and I share the concern
>>>> raised with the no vote about having a normative reference in an
> Oasis
>>> 
>>>> spec to another spec that is not itself the final product of Oasis
> or
>>>> any other standards body. Is there even any precedent for this in
>>> Oasis?
>>>> 
>>>> My concerns are largely practical: where will people go to obtain
> the
>>>> authoritative copy of the version of the WS-Policy spec that we are
>>>> referencing? Who will manage errata for that version of the
> WS-Policy
>>>> spec if we discover problems down the road?
>>>> 
>>>> I think there are several responsible options:
>>>> 
>>>> 1) Wait for W3C to finalize WS-Policy and reference that final
>>> version.
>>>> 
>>>> 2) Solicit the submission of the version of WS-Policy that we are
>>>> referencing to Oasis WSSX and vote it to CS along with our specs.
>>>> We're implicitly doing this anyway by including a normative
> reference
>>> to it.
>>>> 
>>>> 3) Copy the schema for wsp:AppliesTo into WS-Trust (as
> wst:AppliesTo)
>>>> and drop the references to wsp:Policy and wsp:PolicyReference until
>>>> W3C finalizes WS-Policy, at which time we can come out with a new
>>>> version of WS-Trust that adds them back.
>>>> 
>>>> -Greg
>>>> 
>>>> On 3/7/07 6:23 PM, "Michael McIntosh" <mikemci@us.ibm.com> wrote:
>>>> 
>>>>> I think its clear that the intended effect of the commented out
> part
>>>>> of the WS-Trust schema is to match with what the specification
>>>>> describes in text.
>>>>> It was commented to avoid an overly strict interpretation of
> ordering
>>> 
>>>>> of elements.
>>>>> It is also clear that,  for any hope of interoperability, message
>>>>> producer and message consumer must use/expect same namespace.
>>>>> We cannot include a vague reference to an undefined WS-Policy
>>>>> namespace - or implementions will not be interoperable.
>>>>> We cannot change to a new namespace and in good faith claim to have
>>>>> demonstrated interoperability.
>>>>> If we decide to change now to the latest WS-Policy draft - what do
> we
>>> 
>>>>> do when by the time we get around to last day of next member vote
>>>>> WS-Policy's latest draft has changed again?
>>>>> We cannot continue this cycle until WS-Policy completes its work -
> we
>>> 
>>>>> should put stake in ground now with what we have proven works now
> and
>>> 
>>>>> revise later when WS-Policy reaches closure.
>>>>> Members of this TC were aware of or should have been aware of this
>>>>> issue all along, one no vote by non-participant member on issue
> that
>>>>> was discussed and addressed in the TC should not cause TC
>>>>> dramatically
>>>> 
>>>>> change its plans and schedule for delivery.
>>>>> 
>>>>> Regards,
>>>>> Mike
>>>>> 
>>>>> Greg Whitehead <greg.whitehead@hp.com> wrote on 03/07/2007 06:00:32
>>>> PM:
>>>>> 
>>>>>> If you look more carefully you?ll notice that the wsp namespace
>>>>>> declaration is not used (outside of comments), so it has no impact
>>>>>> on
>>>> 
>>>>>> the schema.
>>>>>> 
>>>>>> -Greg
>>>>>> 
>>>>>> On 3/7/07 4:39 PM, "Anthony Nadalin" <drsecure@us.ibm.com> wrote:
>>>>> 
>>>>>> I just looked at the schema on the web site and I show it there
>>>>>> -----------------
>>>>>> Sent from my BlackBerry Handheld.
>>>>>> 
>>>>>>  ----- Original Message -----
>>>>>>  From: Greg Whitehead [greg.whitehead@hp.com]
>>>>>>  Sent: 03/07/2007 03:36 PM
>>>>>>  To: Anthony Nadalin
>>>>>>  Cc: ws-sx <ws-sx@lists.oasis-open.org>
>>>>>>  Subject: Re: [ws-sx] WS-Policy and WS-Trust
>>>>>> 
>>>>>> As I said before, there is no wsp:Policy element declared in the
> WS-
>>> 
>>>>>> Trust schema file (the only mention of wsp:Policy is in a
> comment).
>>>>>> The content model of RST and RSTR is xs:any.
>>>>>> 
>>>>>> -Greg
>>>>>> 
>>>>>> 
>>>>>> On 3/7/07 4:32 PM, "Anthony Nadalin" <drsecure@us.ibm.com> wrote:
>>>>> 
>>>>>> In the namespace declaration to resolve the wsp:Policy element
>>>>>> -----------------
>>>>>> Sent from my BlackBerry Handheld.
>>>>>> 
>>>>>>  ----- Original Message -----
>>>>>>  From: Greg Whitehead [greg.whitehead@hp.com]
>>>>>>  Sent: 03/07/2007 03:24 PM
>>>>>>  To: Anthony Nadalin
>>>>>>  Cc: ws-sx <ws-sx@lists.oasis-open.org>
>>>>>>  Subject: Re: [ws-sx] WS-Policy and WS-Trust
>>>>>> 
>>>>>> Perhaps you can point to where it is expressed in the schema. I
>>>>>> certainly don?t see it.
>>>>>> 
>>>>>> -Greg
>>>>>> 
>>>>>> 
>>>>>> On 3/7/07 4:22 PM, "Anthony Nadalin" <drsecure@us.ibm.com> wrote:
>>>>> 
>>>>>> They are expressed in the schema so I'm not following your claim
> as
>>>>>> it has to resolve the scheama use of wsp:Policy
>>>>>> -----------------
>>>>>> Sent from my BlackBerry Handheld.
>>>>>> 
>>>>>>  ----- Original Message -----
>>>>>>  From: Greg Whitehead [greg.whitehead@hp.com]
>>>>>>  Sent: 03/07/2007 03:13 PM
>>>>>>  To: Anthony Nadalin
>>>>>>  Cc: <ws-sx@lists.oasis-open.org>
>>>>>>  Subject: Re: [ws-sx] WS-Policy and WS-Trust
>>>>>> 
>>>>>> I?m just saying that the only normative reference to the WS-Policy
>>>>>> namespace, or even that wsp:Policy is legal content in an RST, is
> in
>>> 
>>>>>> the text of the spec.
>>>>>> 
>>>>>> On the call today it was claimed that these dependencies were
>>>>>> expressed in the WS-Trust schema and that doesn?t seem to be the
>>>> case.
>>>>>> 
>>>>>> -Greg
>>>>>> 
>>>>>> On 3/7/07 1:55 PM, "Anthony Nadalin" <drsecure@us.ibm.com> wrote:
>>>>> 
>>>>>> I don't think that is quite the case, we need a normative
> reference
>>>>>> to resolve wsp:Policy, so where are we to find this, so the
> binding
>>>>>> is normative now as an explicit namespace is used
>>>>>> 
>>>>>> Anthony Nadalin | Work 512.838.0085 | Cell 512.289.4122 [image
>>>>>> removed] Greg Whitehead <greg.whitehead@hp.com>
>>>>>> 
>>>>> 
>>>>>> Greg Whitehead <greg.whitehead@hp.com> 03/07/2007 12:01 PM [image
>>>>>> removed] To [image removed] <ws-sx@lists.oasis-open.org> [image
>>>>>> removed] cc [image removed] [image removed] Subject [image
> removed]
>>>>>> [ws-sx] WS-Policy and WS-Trust [image removed] [image removed] I
>>>>>> just
>>>> 
>>>>>> took a look at ws-trust-1.3.xsd and the content model for RST and
>>>>>> RSTR is already <xs:any> (the wsp namespace is declared in the xsd
>>>>>> file,
>>>>> but
>>>>>> it is ONLY used in comments).
>>>>>> 
>>>>>> So, for what it's worth, the only binding to a particular version
> of
>>> 
>>>>>> WS-Policy is in the normative text of the spec.
>>>>>> 
>>>>>> -Greg
>>>>>> 
>>>>>> 
>>>>> 
>>>>>> 
>>>>> 
>>>>>> 
>>>>> 
>>>>>> 
>>>>> 
>>>> 
>>> 
>> 
>