RE: [ws-sx] WS-Policy and WS-Trust

["Martin Chapman" <martin.chapman@oracle.com>]

Many TCs  went through exactly the same arguments over ws-addressing, and in all cases they decided not to rely on the member
submission. Also WS-RX recently faced the same problem and has revised its spec to point to the CR version. We should be consistent
across these specs if composibility is to make sense.

Finally, the charter clearly states that if such specs are not far enough along the standardisation process, an abstract model
should be defined. The member submission is clearly not far enough along since it has been superseded. If people think this
superseded version is unstable, I have no idea why it is in CR, but in that case an abstract model is required as per the charter.

Martin.



>-----Original Message-----
>From: Michael McIntosh [mailto:mikemci@us.ibm.com] 
>Sent: Thursday, March 08, 2007 11:43 PM
>To: Ashok Malhotra
>Cc: Anthony Nadalin; Greg Whitehead; Tony Gullotta; ws-sx
>Subject: RE: [ws-sx] WS-Policy and WS-Trust
>
>
>"Ashok Malhotra" <ashok.malhotra@oracle.com> wrote on 
>03/08/2007 04:55:16 
>PM:
>
>> For the record, the WS-Policy charter says that they will go into CR 
>> in March.  This was just completed.  The plan is to go to PR in July 
>> and
>then
>> to recommendation.  Clearly, these are estimates but so far the WG
>> has done well and followed the timeline.
>> 
>> So, if we want to wait for PR, we have to wait 4 months.
>
>That is the plan, but who is to say that someone won't come 
>along at the 
>last minute and vote against it? We can't be dependent on that.
>
>> 
>> All the best, Ashok
>> > -----Original Message-----
>> > From: Tony Gullotta [mailto:tony.gullotta@soa.com]
>> > Sent: Thursday, March 08, 2007 12:55 PM
>> > To: Greg Whitehead; Michael McIntosh
>> > Cc: Anthony Nadalin; ws-sx
>> > Subject: RE: [ws-sx] WS-Policy and WS-Trust
>> > 
>> > Ok. So I know this is ugly, may not be allowed, and most likely
>everyone
>> > will hate it but I'll throw it out there. Can we host that version 
>> > of the ws-policy xsd along with the ws-sx xsds and just change the 
>> > schemaLocation attribute so consumers would pull that 
>version of the 
>> > ws-policy xsd? Does that require a formal submission?
>> > 
>> > We are locked in on that version so we won't get any fixes 
>to issues 
>> > that may be raised but I think that's ok.
>> > 
>> > Tony
>> > 
>> > -----Original Message-----
>> > From: Greg Whitehead [mailto:greg.whitehead@hp.com]
>> > Sent: Thursday, March 08, 2007 12:28 PM
>> > To: Tony Gullotta; Michael McIntosh
>> > Cc: Anthony Nadalin; ws-sx
>> > Subject: Re: [ws-sx] WS-Policy and WS-Trust
>> > 
>> > As stated below, my concerns with referencing the member 
>submission 
>> > at W3C
>> > are:
>> > 
>> > 1) Is that a stable reference? Does W3C keep member submissions 
>> > around and publicly accessible in perpetuity?
>> > 
>> > 2) What is the errata process for a member submission at 
>W3C? Is the 
>> > WS-Policy working group going to respond to issues with that 
>> > document
>or
>> > manage errata?
>> > 
>> > I guess another question is:
>> > 
>> > 3) What is the IPR policy for a member submission at W3C (as 
>> > compared
>to
>> > what the IPR policy will be on the final output of the WS-Policy
>working
>> > group)?
>> > 
>> > -Greg
>> > 
>> > On 3/8/07 9:55 AM, "Tony Gullotta" <tony.gullotta@soa.com> wrote:
>> > 
>> > > I don't think 1) is good considering the input of the ws-policy 
>> > > representatives on the call. If they don't feel like 
>ws-policy is 
>> > > close to completion, we shouldn't wait for it.
>> > >
>> > > 3) might be ok for ws-trust, but it won't work for
>ws-securitypolicy.
>> > >
>> > > I agree with what you are saying in principal for 2. I'm not sure
>why
>> > > we need to "submit" that spec to OASIS though. By referencing it 
>> > > in our spec's and by approving our spec's, isn't that 
>enough? When 
>> > > you approve ws-trust or ws-securitypolicy, you are approving the 
>> > > use of that ws-policy spec already.
>> > >
>> > > Tony
>> > >
>> > > -----Original Message-----
>> > > From: Greg Whitehead [mailto:greg.whitehead@hp.com]
>> > > Sent: Thursday, March 08, 2007 12:35 AM
>> > > To: Michael McIntosh
>> > > Cc: Anthony Nadalin; ws-sx
>> > > Subject: Re: [ws-sx] WS-Policy and WS-Trust
>> > >
>> > > I realize it's painful to be having this discussion at this late
>stage
>> > 
>> > > in the process, but the fact of the matter is that the 
>process is 
>> > > there to ensure the quality of the work that this TC produces.
>> > >
>> > > I, for one, had lost track of this issue and I share the concern 
>> > > raised with the no vote about having a normative reference in an
>Oasis
>> > 
>> > > spec to another spec that is not itself the final 
>product of Oasis
>or
>> > > any other standards body. Is there even any precedent for this in
>> > Oasis?
>> > >
>> > > My concerns are largely practical: where will people go to obtain
>the
>> > > authoritative copy of the version of the WS-Policy spec that we 
>> > > are referencing? Who will manage errata for that version of the
>WS-Policy
>> > > spec if we discover problems down the road?
>> > >
>> > > I think there are several responsible options:
>> > >
>> > > 1) Wait for W3C to finalize WS-Policy and reference that final
>> > version.
>> > >
>> > > 2) Solicit the submission of the version of WS-Policy 
>that we are 
>> > > referencing to Oasis WSSX and vote it to CS along with 
>our specs. 
>> > > We're implicitly doing this anyway by including a normative
>reference
>> > to it.
>> > >
>> > > 3) Copy the schema for wsp:AppliesTo into WS-Trust (as
>wst:AppliesTo)
>> > > and drop the references to wsp:Policy and wsp:PolicyReference 
>> > > until W3C finalizes WS-Policy, at which time we can come 
>out with 
>> > > a new version of WS-Trust that adds them back.
>> > >
>> > > -Greg
>> > >
>> > > On 3/7/07 6:23 PM, "Michael McIntosh" <mikemci@us.ibm.com> wrote:
>> > >
>> > >> I think its clear that the intended effect of the commented out
>part
>> > >> of the WS-Trust schema is to match with what the specification 
>> > >> describes in text. It was commented to avoid an overly strict 
>> > >> interpretation of
>ordering
>> > 
>> > >> of elements.
>> > >> It is also clear that,  for any hope of 
>interoperability, message 
>> > >> producer and message consumer must use/expect same 
>namespace. We 
>> > >> cannot include a vague reference to an undefined WS-Policy 
>> > >> namespace - or implementions will not be interoperable. 
>We cannot 
>> > >> change to a new namespace and in good faith claim to have 
>> > >> demonstrated interoperability. If we decide to change 
>now to the 
>> > >> latest WS-Policy draft - what do
>we
>> > 
>> > >> do when by the time we get around to last day of next 
>member vote 
>> > >> WS-Policy's latest draft has changed again? We cannot continue 
>> > >> this cycle until WS-Policy completes its work -
>we
>> > 
>> > >> should put stake in ground now with what we have proven 
>works now
>and
>> > 
>> > >> revise later when WS-Policy reaches closure.
>> > >> Members of this TC were aware of or should have been aware of 
>> > >> this issue all along, one no vote by non-participant member on 
>> > >> issue
>that
>> > >> was discussed and addressed in the TC should not cause TC 
>> > >> dramatically
>> > >
>> > >> change its plans and schedule for delivery.
>> > >>
>> > >> Regards,
>> > >> Mike
>> > >>
>> > >> Greg Whitehead <greg.whitehead@hp.com> wrote on 03/07/2007 
>> > >> 06:00:32
>> > > PM:
>> > >>
>> > >>> If you look more carefully you?ll notice that the wsp 
>namespace 
>> > >>> declaration is not used (outside of comments), so it has no 
>> > >>> impact on
>> > >
>> > >>> the schema.
>> > >>>
>> > >>> -Greg
>> > >>>
>> > >>> On 3/7/07 4:39 PM, "Anthony Nadalin" <drsecure@us.ibm.com> 
>> > >>> wrote:
>> > >>
>> > >>> I just looked at the schema on the web site and I show it there
>> > >>> -----------------
>> > >>> Sent from my BlackBerry Handheld.
>> > >>>
>> > >>>  ----- Original Message -----
>> > >>>  From: Greg Whitehead [greg.whitehead@hp.com]
>> > >>>  Sent: 03/07/2007 03:36 PM
>> > >>>  To: Anthony Nadalin
>> > >>>  Cc: ws-sx <ws-sx@lists.oasis-open.org>
>> > >>>  Subject: Re: [ws-sx] WS-Policy and WS-Trust
>> > >>>
>> > >>> As I said before, there is no wsp:Policy element 
>declared in the
>WS-
>> > 
>> > >>> Trust schema file (the only mention of wsp:Policy is in a
>comment).
>> > >>> The content model of RST and RSTR is xs:any.
>> > >>>
>> > >>> -Greg
>> > >>>
>> > >>>
>> > >>> On 3/7/07 4:32 PM, "Anthony Nadalin" <drsecure@us.ibm.com> 
>> > >>> wrote:
>> > >>
>> > >>> In the namespace declaration to resolve the wsp:Policy element
>> > >>> -----------------
>> > >>> Sent from my BlackBerry Handheld.
>> > >>>
>> > >>>  ----- Original Message -----
>> > >>>  From: Greg Whitehead [greg.whitehead@hp.com]
>> > >>>  Sent: 03/07/2007 03:24 PM
>> > >>>  To: Anthony Nadalin
>> > >>>  Cc: ws-sx <ws-sx@lists.oasis-open.org>
>> > >>>  Subject: Re: [ws-sx] WS-Policy and WS-Trust
>> > >>>
>> > >>> Perhaps you can point to where it is expressed in the 
>schema. I 
>> > >>> certainly don?t see it.
>> > >>>
>> > >>> -Greg
>> > >>>
>> > >>>
>> > >>> On 3/7/07 4:22 PM, "Anthony Nadalin" <drsecure@us.ibm.com> 
>> > >>> wrote:
>> > >>
>> > >>> They are expressed in the schema so I'm not following 
>your claim
>as
>> > >>> it has to resolve the scheama use of wsp:Policy
>> > >>> -----------------
>> > >>> Sent from my BlackBerry Handheld.
>> > >>>
>> > >>>  ----- Original Message -----
>> > >>>  From: Greg Whitehead [greg.whitehead@hp.com]
>> > >>>  Sent: 03/07/2007 03:13 PM
>> > >>>  To: Anthony Nadalin
>> > >>>  Cc: <ws-sx@lists.oasis-open.org>
>> > >>>  Subject: Re: [ws-sx] WS-Policy and WS-Trust
>> > >>>
>> > >>> I?m just saying that the only normative reference to the 
>> > >>> WS-Policy namespace, or even that wsp:Policy is legal 
>content in 
>> > >>> an RST, is
>in
>> > 
>> > >>> the text of the spec.
>> > >>>
>> > >>> On the call today it was claimed that these dependencies were 
>> > >>> expressed in the WS-Trust schema and that doesn?t seem 
>to be the
>> > > case.
>> > >>>
>> > >>> -Greg
>> > >>>
>> > >>> On 3/7/07 1:55 PM, "Anthony Nadalin" <drsecure@us.ibm.com> 
>> > >>> wrote:
>> > >>
>> > >>> I don't think that is quite the case, we need a normative
>reference
>> > >>> to resolve wsp:Policy, so where are we to find this, so the
>binding
>> > >>> is normative now as an explicit namespace is used
>> > >>>
>> > >>> Anthony Nadalin | Work 512.838.0085 | Cell 512.289.4122 [image 
>> > >>> removed] Greg Whitehead <greg.whitehead@hp.com>
>> > >>>
>> > >>
>> > >>> Greg Whitehead <greg.whitehead@hp.com> 03/07/2007 12:01 PM 
>> > >>> [image removed] To [image removed] 
><ws-sx@lists.oasis-open.org> 
>> > >>> [image removed] cc [image removed] [image removed] Subject 
>> > >>> [image
>removed]
>> > >>> [ws-sx] WS-Policy and WS-Trust [image removed] [image 
>removed] I 
>> > >>> just
>> > >
>> > >>> took a look at ws-trust-1.3.xsd and the content model for RST 
>> > >>> and RSTR is already <xs:any> (the wsp namespace is declared in 
>> > >>> the xsd file,
>> > >> but
>> > >>> it is ONLY used in comments).
>> > >>>
>> > >>> So, for what it's worth, the only binding to a particular 
>> > >>> version
>of
>> > 
>> > >>> WS-Policy is in the normative text of the spec.
>> > >>>
>> > >>> -Greg
>> > >>>
>> > >>>
>> > >>
>> > >>>
>> > >>
>> > >>>
>> > >>
>> > >>>
>> > >>
>> > >
>> > 
>> 
>
>