Re: [ws-sx] WS-Policy and WS-Trust

[Anish Karmarkar <Anish.Karmarkar@oracle.com>]

There are questions raised about the availability of the current CR 
version if there is a newer WD/CR/REC in the future.
The CR version (and schema) that currently exists has a stable dated URI 
which will always be available. Every published WD/LC/CR/PR/REC document 
in W3C has a stable URI on W3C's website and those documents are not 
going to go away. The same is true for Member Submission/Notes. So I 
don't think availability of either the CR or Member Submission is an issue.

To me, the WS-Policy WG has already made changes to the Member 
Submission on its way to CR, including a change to the schema NS. I 
think, it is highly unlikely, though possible, that there would be 
non-backward compatible changes between CR and REC. But as of now there 
*are* non-backward compatible changes between the Member Submission and 
CR and there will be non-backward compatible changes between Member 
Submission and REC.

If we want to future-proof the spec, using Member Submission is a really 
bad idea. Either we should wait for the PR/REC, or if we are in a hurry 
use the CR.

There is also an interesting dimension to this:
All the WS-* specs are meant to be composible. WS-ReliableMessaging is 
using the CR version. If the specs produced by this TC use the Member 
Submission, how will a reliable-secure policy look like?

-Anish
--

Tony Gullotta wrote:
> Ok. So I know this is ugly, may not be allowed, and most likely everyone
> will hate it but I'll throw it out there. Can we host that version of
> the ws-policy xsd along with the ws-sx xsds and just change the
> schemaLocation attribute so consumers would pull that version of the
> ws-policy xsd? Does that require a formal submission? 
> 
> We are locked in on that version so we won't get any fixes to issues
> that may be raised but I think that's ok.
> 
> Tony
> 
> -----Original Message-----
> From: Greg Whitehead [mailto:greg.whitehead@hp.com] 
> Sent: Thursday, March 08, 2007 12:28 PM
> To: Tony Gullotta; Michael McIntosh
> Cc: Anthony Nadalin; ws-sx
> Subject: Re: [ws-sx] WS-Policy and WS-Trust
> 
> As stated below, my concerns with referencing the member submission at
> W3C
> are:
> 
> 1) Is that a stable reference? Does W3C keep member submissions around
> and publicly accessible in perpetuity?
> 
> 2) What is the errata process for a member submission at W3C? Is the
> WS-Policy working group going to respond to issues with that document or
> manage errata?
> 
> I guess another question is:
> 
> 3) What is the IPR policy for a member submission at W3C (as compared to
> what the IPR policy will be on the final output of the WS-Policy working
> group)?
> 
> -Greg
> 
> On 3/8/07 9:55 AM, "Tony Gullotta" <tony.gullotta@soa.com> wrote:
> 
>> I don't think 1) is good considering the input of the ws-policy 
>> representatives on the call. If they don't feel like ws-policy is 
>> close to completion, we shouldn't wait for it.
>>
>> 3) might be ok for ws-trust, but it won't work for ws-securitypolicy.
>>
>> I agree with what you are saying in principal for 2. I'm not sure why 
>> we need to "submit" that spec to OASIS though. By referencing it in 
>> our spec's and by approving our spec's, isn't that enough? When you 
>> approve ws-trust or ws-securitypolicy, you are approving the use of 
>> that ws-policy spec already.
>>
>> Tony
>>
>> -----Original Message-----
>> From: Greg Whitehead [mailto:greg.whitehead@hp.com]
>> Sent: Thursday, March 08, 2007 12:35 AM
>> To: Michael McIntosh
>> Cc: Anthony Nadalin; ws-sx
>> Subject: Re: [ws-sx] WS-Policy and WS-Trust
>>
>> I realize it's painful to be having this discussion at this late stage
> 
>> in the process, but the fact of the matter is that the process is 
>> there to ensure the quality of the work that this TC produces.
>>
>> I, for one, had lost track of this issue and I share the concern 
>> raised with the no vote about having a normative reference in an Oasis
> 
>> spec to another spec that is not itself the final product of Oasis or 
>> any other standards body. Is there even any precedent for this in
> Oasis?
>> My concerns are largely practical: where will people go to obtain the 
>> authoritative copy of the version of the WS-Policy spec that we are 
>> referencing? Who will manage errata for that version of the WS-Policy 
>> spec if we discover problems down the road?
>>
>> I think there are several responsible options:
>>
>> 1) Wait for W3C to finalize WS-Policy and reference that final
> version.
>> 2) Solicit the submission of the version of WS-Policy that we are 
>> referencing to Oasis WSSX and vote it to CS along with our specs. 
>> We're implicitly doing this anyway by including a normative reference
> to it.
>> 3) Copy the schema for wsp:AppliesTo into WS-Trust (as wst:AppliesTo) 
>> and drop the references to wsp:Policy and wsp:PolicyReference until 
>> W3C finalizes WS-Policy, at which time we can come out with a new 
>> version of WS-Trust that adds them back.
>>
>> -Greg
>>
>> On 3/7/07 6:23 PM, "Michael McIntosh" <mikemci@us.ibm.com> wrote:
>>
>>> I think its clear that the intended effect of the commented out part 
>>> of the WS-Trust schema is to match with what the specification 
>>> describes in text.
>>> It was commented to avoid an overly strict interpretation of ordering
> 
>>> of elements.
>>> It is also clear that,  for any hope of interoperability, message 
>>> producer and message consumer must use/expect same namespace.
>>> We cannot include a vague reference to an undefined WS-Policy 
>>> namespace - or implementions will not be interoperable.
>>> We cannot change to a new namespace and in good faith claim to have 
>>> demonstrated interoperability.
>>> If we decide to change now to the latest WS-Policy draft - what do we
> 
>>> do when by the time we get around to last day of next member vote 
>>> WS-Policy's latest draft has changed again?
>>> We cannot continue this cycle until WS-Policy completes its work - we
> 
>>> should put stake in ground now with what we have proven works now and
> 
>>> revise later when WS-Policy reaches closure.
>>> Members of this TC were aware of or should have been aware of this 
>>> issue all along, one no vote by non-participant member on issue that 
>>> was discussed and addressed in the TC should not cause TC 
>>> dramatically
>>> change its plans and schedule for delivery.
>>>
>>> Regards,
>>> Mike
>>>
>>> Greg Whitehead <greg.whitehead@hp.com> wrote on 03/07/2007 06:00:32
>> PM:
>>>> If you look more carefully you?ll notice that the wsp namespace 
>>>> declaration is not used (outside of comments), so it has no impact 
>>>> on
>>>> the schema.
>>>>
>>>> -Greg
>>>>
>>>> On 3/7/07 4:39 PM, "Anthony Nadalin" <drsecure@us.ibm.com> wrote:
>>>> I just looked at the schema on the web site and I show it there
>>>> -----------------
>>>> Sent from my BlackBerry Handheld.
>>>>
>>>>  ----- Original Message -----
>>>>  From: Greg Whitehead [greg.whitehead@hp.com]
>>>>  Sent: 03/07/2007 03:36 PM
>>>>  To: Anthony Nadalin
>>>>  Cc: ws-sx <ws-sx@lists.oasis-open.org>
>>>>  Subject: Re: [ws-sx] WS-Policy and WS-Trust
>>>>
>>>> As I said before, there is no wsp:Policy element declared in the WS-
> 
>>>> Trust schema file (the only mention of wsp:Policy is in a comment).
>>>> The content model of RST and RSTR is xs:any.
>>>>
>>>> -Greg
>>>>
>>>>
>>>> On 3/7/07 4:32 PM, "Anthony Nadalin" <drsecure@us.ibm.com> wrote:
>>>> In the namespace declaration to resolve the wsp:Policy element
>>>> -----------------
>>>> Sent from my BlackBerry Handheld.
>>>>
>>>>  ----- Original Message -----
>>>>  From: Greg Whitehead [greg.whitehead@hp.com]
>>>>  Sent: 03/07/2007 03:24 PM
>>>>  To: Anthony Nadalin
>>>>  Cc: ws-sx <ws-sx@lists.oasis-open.org>
>>>>  Subject: Re: [ws-sx] WS-Policy and WS-Trust
>>>>
>>>> Perhaps you can point to where it is expressed in the schema. I 
>>>> certainly don?t see it.
>>>>
>>>> -Greg
>>>>
>>>>
>>>> On 3/7/07 4:22 PM, "Anthony Nadalin" <drsecure@us.ibm.com> wrote:
>>>> They are expressed in the schema so I'm not following your claim as 
>>>> it has to resolve the scheama use of wsp:Policy
>>>> -----------------
>>>> Sent from my BlackBerry Handheld.
>>>>
>>>>  ----- Original Message -----
>>>>  From: Greg Whitehead [greg.whitehead@hp.com]
>>>>  Sent: 03/07/2007 03:13 PM
>>>>  To: Anthony Nadalin
>>>>  Cc: <ws-sx@lists.oasis-open.org>
>>>>  Subject: Re: [ws-sx] WS-Policy and WS-Trust
>>>>
>>>> I?m just saying that the only normative reference to the WS-Policy 
>>>> namespace, or even that wsp:Policy is legal content in an RST, is in
> 
>>>> the text of the spec.
>>>>
>>>> On the call today it was claimed that these dependencies were 
>>>> expressed in the WS-Trust schema and that doesn?t seem to be the
>> case.
>>>> -Greg
>>>>
>>>> On 3/7/07 1:55 PM, "Anthony Nadalin" <drsecure@us.ibm.com> wrote:
>>>> I don't think that is quite the case, we need a normative reference 
>>>> to resolve wsp:Policy, so where are we to find this, so the binding 
>>>> is normative now as an explicit namespace is used
>>>>
>>>> Anthony Nadalin | Work 512.838.0085 | Cell 512.289.4122 [image 
>>>> removed] Greg Whitehead <greg.whitehead@hp.com>
>>>>
>>>> Greg Whitehead <greg.whitehead@hp.com> 03/07/2007 12:01 PM [image 
>>>> removed] To [image removed] <ws-sx@lists.oasis-open.org> [image 
>>>> removed] cc [image removed] [image removed] Subject [image removed] 
>>>> [ws-sx] WS-Policy and WS-Trust [image removed] [image removed] I 
>>>> just
>>>> took a look at ws-trust-1.3.xsd and the content model for RST and 
>>>> RSTR is already <xs:any> (the wsp namespace is declared in the xsd 
>>>> file,
>>> but
>>>> it is ONLY used in comments).
>>>>
>>>> So, for what it's worth, the only binding to a particular version of
> 
>>>> WS-Policy is in the normative text of the spec.
>>>>
>>>> -Greg
>>>>
>>>>
>