RE: [ws-sx] WS-Policy and WS-Trust

["Ashok Malhotra" <ashok.malhotra@oracle.com>]

Martin:
I would argue that the CR version of WS-Policy is stable and we are unlikely to see significant changes as it proceeds towards recommendation.  This is a personal assessment from my view as a member of the WS-Policy WG.

All the best, Ashok

> -----Original Message-----
> From: Martin Chapman [mailto:martin.chapman@oracle.com]
> Sent: Friday, March 09, 2007 5:17 AM
> To: 'ws-sx'
> Subject: RE: [ws-sx] WS-Policy and WS-Trust
> 
> Many TCs  went through exactly the same arguments over ws-addressing, and
> in all cases they decided not to rely on the member
> submission. Also WS-RX recently faced the same problem and has revised its
> spec to point to the CR version. We should be consistent
> across these specs if composibility is to make sense.
> 
> Finally, the charter clearly states that if such specs are not far enough
> along the standardisation process, an abstract model
> should be defined. The member submission is clearly not far enough along
> since it has been superseded. If people think this
> superseded version is unstable, I have no idea why it is in CR, but in
> that case an abstract model is required as per the charter.
> 
> Martin.
> 
> 
> 
> >-----Original Message-----
> >From: Michael McIntosh [mailto:mikemci@us.ibm.com]
> >Sent: Thursday, March 08, 2007 11:43 PM
> >To: Ashok Malhotra
> >Cc: Anthony Nadalin; Greg Whitehead; Tony Gullotta; ws-sx
> >Subject: RE: [ws-sx] WS-Policy and WS-Trust
> >
> >
> >"Ashok Malhotra" <ashok.malhotra@oracle.com> wrote on
> >03/08/2007 04:55:16
> >PM:
> >
> >> For the record, the WS-Policy charter says that they will go into CR
> >> in March.  This was just completed.  The plan is to go to PR in July
> >> and
> >then
> >> to recommendation.  Clearly, these are estimates but so far the WG
> >> has done well and followed the timeline.
> >>
> >> So, if we want to wait for PR, we have to wait 4 months.
> >
> >That is the plan, but who is to say that someone won't come
> >along at the
> >last minute and vote against it? We can't be dependent on that.
> >
> >>
> >> All the best, Ashok
> >> > -----Original Message-----
> >> > From: Tony Gullotta [mailto:tony.gullotta@soa.com]
> >> > Sent: Thursday, March 08, 2007 12:55 PM
> >> > To: Greg Whitehead; Michael McIntosh
> >> > Cc: Anthony Nadalin; ws-sx
> >> > Subject: RE: [ws-sx] WS-Policy and WS-Trust
> >> >
> >> > Ok. So I know this is ugly, may not be allowed, and most likely
> >everyone
> >> > will hate it but I'll throw it out there. Can we host that version
> >> > of the ws-policy xsd along with the ws-sx xsds and just change the
> >> > schemaLocation attribute so consumers would pull that
> >version of the
> >> > ws-policy xsd? Does that require a formal submission?
> >> >
> >> > We are locked in on that version so we won't get any fixes
> >to issues
> >> > that may be raised but I think that's ok.
> >> >
> >> > Tony
> >> >
> >> > -----Original Message-----
> >> > From: Greg Whitehead [mailto:greg.whitehead@hp.com]
> >> > Sent: Thursday, March 08, 2007 12:28 PM
> >> > To: Tony Gullotta; Michael McIntosh
> >> > Cc: Anthony Nadalin; ws-sx
> >> > Subject: Re: [ws-sx] WS-Policy and WS-Trust
> >> >
> >> > As stated below, my concerns with referencing the member
> >submission
> >> > at W3C
> >> > are:
> >> >
> >> > 1) Is that a stable reference? Does W3C keep member submissions
> >> > around and publicly accessible in perpetuity?
> >> >
> >> > 2) What is the errata process for a member submission at
> >W3C? Is the
> >> > WS-Policy working group going to respond to issues with that
> >> > document
> >or
> >> > manage errata?
> >> >
> >> > I guess another question is:
> >> >
> >> > 3) What is the IPR policy for a member submission at W3C (as
> >> > compared
> >to
> >> > what the IPR policy will be on the final output of the WS-Policy
> >working
> >> > group)?
> >> >
> >> > -Greg
> >> >
> >> > On 3/8/07 9:55 AM, "Tony Gullotta" <tony.gullotta@soa.com> wrote:
> >> >
> >> > > I don't think 1) is good considering the input of the ws-policy
> >> > > representatives on the call. If they don't feel like
> >ws-policy is
> >> > > close to completion, we shouldn't wait for it.
> >> > >
> >> > > 3) might be ok for ws-trust, but it won't work for
> >ws-securitypolicy.
> >> > >
> >> > > I agree with what you are saying in principal for 2. I'm not sure
> >why
> >> > > we need to "submit" that spec to OASIS though. By referencing it
> >> > > in our spec's and by approving our spec's, isn't that
> >enough? When
> >> > > you approve ws-trust or ws-securitypolicy, you are approving the
> >> > > use of that ws-policy spec already.
> >> > >
> >> > > Tony
> >> > >
> >> > > -----Original Message-----
> >> > > From: Greg Whitehead [mailto:greg.whitehead@hp.com]
> >> > > Sent: Thursday, March 08, 2007 12:35 AM
> >> > > To: Michael McIntosh
> >> > > Cc: Anthony Nadalin; ws-sx
> >> > > Subject: Re: [ws-sx] WS-Policy and WS-Trust
> >> > >
> >> > > I realize it's painful to be having this discussion at this late
> >stage
> >> >
> >> > > in the process, but the fact of the matter is that the
> >process is
> >> > > there to ensure the quality of the work that this TC produces.
> >> > >
> >> > > I, for one, had lost track of this issue and I share the concern
> >> > > raised with the no vote about having a normative reference in an
> >Oasis
> >> >
> >> > > spec to another spec that is not itself the final
> >product of Oasis
> >or
> >> > > any other standards body. Is there even any precedent for this in
> >> > Oasis?
> >> > >
> >> > > My concerns are largely practical: where will people go to obtain
> >the
> >> > > authoritative copy of the version of the WS-Policy spec that we
> >> > > are referencing? Who will manage errata for that version of the
> >WS-Policy
> >> > > spec if we discover problems down the road?
> >> > >
> >> > > I think there are several responsible options:
> >> > >
> >> > > 1) Wait for W3C to finalize WS-Policy and reference that final
> >> > version.
> >> > >
> >> > > 2) Solicit the submission of the version of WS-Policy
> >that we are
> >> > > referencing to Oasis WSSX and vote it to CS along with
> >our specs.
> >> > > We're implicitly doing this anyway by including a normative
> >reference
> >> > to it.
> >> > >
> >> > > 3) Copy the schema for wsp:AppliesTo into WS-Trust (as
> >wst:AppliesTo)
> >> > > and drop the references to wsp:Policy and wsp:PolicyReference
> >> > > until W3C finalizes WS-Policy, at which time we can come
> >out with
> >> > > a new version of WS-Trust that adds them back.
> >> > >
> >> > > -Greg
> >> > >
> >> > > On 3/7/07 6:23 PM, "Michael McIntosh" <mikemci@us.ibm.com> wrote:
> >> > >
> >> > >> I think its clear that the intended effect of the commented out
> >part
> >> > >> of the WS-Trust schema is to match with what the specification
> >> > >> describes in text. It was commented to avoid an overly strict
> >> > >> interpretation of
> >ordering
> >> >
> >> > >> of elements.
> >> > >> It is also clear that,  for any hope of
> >interoperability, message
> >> > >> producer and message consumer must use/expect same
> >namespace. We
> >> > >> cannot include a vague reference to an undefined WS-Policy
> >> > >> namespace - or implementions will not be interoperable.
> >We cannot
> >> > >> change to a new namespace and in good faith claim to have
> >> > >> demonstrated interoperability. If we decide to change
> >now to the
> >> > >> latest WS-Policy draft - what do
> >we
> >> >
> >> > >> do when by the time we get around to last day of next
> >member vote
> >> > >> WS-Policy's latest draft has changed again? We cannot continue
> >> > >> this cycle until WS-Policy completes its work -
> >we
> >> >
> >> > >> should put stake in ground now with what we have proven
> >works now
> >and
> >> >
> >> > >> revise later when WS-Policy reaches closure.
> >> > >> Members of this TC were aware of or should have been aware of
> >> > >> this issue all along, one no vote by non-participant member on
> >> > >> issue
> >that
> >> > >> was discussed and addressed in the TC should not cause TC
> >> > >> dramatically
> >> > >
> >> > >> change its plans and schedule for delivery.
> >> > >>
> >> > >> Regards,
> >> > >> Mike
> >> > >>
> >> > >> Greg Whitehead <greg.whitehead@hp.com> wrote on 03/07/2007
> >> > >> 06:00:32
> >> > > PM:
> >> > >>
> >> > >>> If you look more carefully you?ll notice that the wsp
> >namespace
> >> > >>> declaration is not used (outside of comments), so it has no
> >> > >>> impact on
> >> > >
> >> > >>> the schema.
> >> > >>>
> >> > >>> -Greg
> >> > >>>
> >> > >>> On 3/7/07 4:39 PM, "Anthony Nadalin" <drsecure@us.ibm.com>
> >> > >>> wrote:
> >> > >>
> >> > >>> I just looked at the schema on the web site and I show it there
> >> > >>> -----------------
> >> > >>> Sent from my BlackBerry Handheld.
> >> > >>>
> >> > >>>  ----- Original Message -----
> >> > >>>  From: Greg Whitehead [greg.whitehead@hp.com]
> >> > >>>  Sent: 03/07/2007 03:36 PM
> >> > >>>  To: Anthony Nadalin
> >> > >>>  Cc: ws-sx <ws-sx@lists.oasis-open.org>
> >> > >>>  Subject: Re: [ws-sx] WS-Policy and WS-Trust
> >> > >>>
> >> > >>> As I said before, there is no wsp:Policy element
> >declared in the
> >WS-
> >> >
> >> > >>> Trust schema file (the only mention of wsp:Policy is in a
> >comment).
> >> > >>> The content model of RST and RSTR is xs:any.
> >> > >>>
> >> > >>> -Greg
> >> > >>>
> >> > >>>
> >> > >>> On 3/7/07 4:32 PM, "Anthony Nadalin" <drsecure@us.ibm.com>
> >> > >>> wrote:
> >> > >>
> >> > >>> In the namespace declaration to resolve the wsp:Policy element
> >> > >>> -----------------
> >> > >>> Sent from my BlackBerry Handheld.
> >> > >>>
> >> > >>>  ----- Original Message -----
> >> > >>>  From: Greg Whitehead [greg.whitehead@hp.com]
> >> > >>>  Sent: 03/07/2007 03:24 PM
> >> > >>>  To: Anthony Nadalin
> >> > >>>  Cc: ws-sx <ws-sx@lists.oasis-open.org>
> >> > >>>  Subject: Re: [ws-sx] WS-Policy and WS-Trust
> >> > >>>
> >> > >>> Perhaps you can point to where it is expressed in the
> >schema. I
> >> > >>> certainly don?t see it.
> >> > >>>
> >> > >>> -Greg
> >> > >>>
> >> > >>>
> >> > >>> On 3/7/07 4:22 PM, "Anthony Nadalin" <drsecure@us.ibm.com>
> >> > >>> wrote:
> >> > >>
> >> > >>> They are expressed in the schema so I'm not following
> >your claim
> >as
> >> > >>> it has to resolve the scheama use of wsp:Policy
> >> > >>> -----------------
> >> > >>> Sent from my BlackBerry Handheld.
> >> > >>>
> >> > >>>  ----- Original Message -----
> >> > >>>  From: Greg Whitehead [greg.whitehead@hp.com]
> >> > >>>  Sent: 03/07/2007 03:13 PM
> >> > >>>  To: Anthony Nadalin
> >> > >>>  Cc: <ws-sx@lists.oasis-open.org>
> >> > >>>  Subject: Re: [ws-sx] WS-Policy and WS-Trust
> >> > >>>
> >> > >>> I?m just saying that the only normative reference to the
> >> > >>> WS-Policy namespace, or even that wsp:Policy is legal
> >content in
> >> > >>> an RST, is
> >in
> >> >
> >> > >>> the text of the spec.
> >> > >>>
> >> > >>> On the call today it was claimed that these dependencies were
> >> > >>> expressed in the WS-Trust schema and that doesn?t seem
> >to be the
> >> > > case.
> >> > >>>
> >> > >>> -Greg
> >> > >>>
> >> > >>> On 3/7/07 1:55 PM, "Anthony Nadalin" <drsecure@us.ibm.com>
> >> > >>> wrote:
> >> > >>
> >> > >>> I don't think that is quite the case, we need a normative
> >reference
> >> > >>> to resolve wsp:Policy, so where are we to find this, so the
> >binding
> >> > >>> is normative now as an explicit namespace is used
> >> > >>>
> >> > >>> Anthony Nadalin | Work 512.838.0085 | Cell 512.289.4122 [image
> >> > >>> removed] Greg Whitehead <greg.whitehead@hp.com>
> >> > >>>
> >> > >>
> >> > >>> Greg Whitehead <greg.whitehead@hp.com> 03/07/2007 12:01 PM
> >> > >>> [image removed] To [image removed]
> ><ws-sx@lists.oasis-open.org>
> >> > >>> [image removed] cc [image removed] [image removed] Subject
> >> > >>> [image
> >removed]
> >> > >>> [ws-sx] WS-Policy and WS-Trust [image removed] [image
> >removed] I
> >> > >>> just
> >> > >
> >> > >>> took a look at ws-trust-1.3.xsd and the content model for RST
> >> > >>> and RSTR is already <xs:any> (the wsp namespace is declared in
> >> > >>> the xsd file,
> >> > >> but
> >> > >>> it is ONLY used in comments).
> >> > >>>
> >> > >>> So, for what it's worth, the only binding to a particular
> >> > >>> version
> >of
> >> >
> >> > >>> WS-Policy is in the normative text of the spec.
> >> > >>>
> >> > >>> -Greg
> >> > >>>
> >> > >>>
> >> > >>
> >> > >>>
> >> > >>
> >> > >>>
> >> > >>
> >> > >>>
> >> > >>
> >> > >
> >> >
> >>
> >
> >
>