OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

ws-sx message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [ws-sx] Further discussion on WS-SX Examples document

What I see is a document that has not been tested or validated for correctness, I would rather have correctness then more explanation on something that is potentially wrong.Members have also invested time in trying to test this document. I can't imagine writing this document w/o the ability to test it.

Anthony Nadalin | Work 512.838.0085 | Cell 512.289.4122
Inactive hide details for "Raepple, Martin" <martin.raepple@sap.com>"Raepple, Martin" <martin.raepple@sap.com>

          "Raepple, Martin" <martin.raepple@sap.com>

          06/13/2007 06:35 AM




Anthony Nadalin/Austin/IBM@IBMUS, "Prateek Mishra" <prateek.mishra@oracle.com>


RE: [ws-sx] Further discussion on WS-SX Examples document

Most of the examples are actually based on interop documents (e.g. from WS-I, WSS TC, WCF Plugfests). If not already implicitly or explicitly included, I don't see any reason why we should not also add certain scenarios from the interop document.

The issue I see with taking forward the interop document is that there is only very limited explanation given on the scenarios and most of them don't include the corresponding policy at all. The TC asked for adding these detailled explanations to the SP examples document, along with message samples, in a call earlier this year. Members invested their time in updating the document accordingly and reviewing it. Therefore, I think the example document should be considered as the base document for taking forward, not the interop documents.

- Martin

From: Anthony Nadalin [mailto:drsecure@us.ibm.com]
Mittwoch, 13. Juni 2007 05:00
Prateek Mishra
Re: [ws-sx] Further discussion on WS-SX Examples document


1) I would not call WS-SecurityPolicy complex, I would call WS-Security, WS-Trust and other specifications that actually define protocols complex. WS-SecurityPolicy merely defines URIs that expresses specific wire format for WS-Trust, WS-Security and WS-SecureConversation. We actually have examples already, these are in the interop document, these are real examples that work and have been validated. We have major concern over what is in the examples document as to not being validated and examples that can actually achieve interop.

I don't see any mention of a examples document in the charter as an output document, It seems it was important to change the charter to include the WS-Policy 1.5, I would think that it would also be as important to make sure the charter actually reflects the TC work.

So I don't think that the question on in scope is ill-posed at all. As we have published WS-Security, WS-Trust and WS-SecureConversation w/o a examples document, seems lost of TC do this, ones that actually produce examples documents actually test the samples.

2) I don't believe that the document has been reviewed extensively or we would not have found the issues we have found so far, once again this document has not been validated or tested for actual correctness or interop. As people that read a formal document produced by at TC expect the document to be correct and tested.

3) Disagree, I think that this document needs to be validated and that we can actually use and interop on the examples.

I find the request to take this document to CD status as we don't even take our interop documents to CD status and these are documents that have been validated for correctness and interoperability, seems like these are the documents that we should be taking forward.

Anthony Nadalin | Work 512.838.0085 | Cell 512.289.4122
Inactive hide details for Prateek Mishra <prateek.mishra@oracle.com>Prateek Mishra <prateek.mishra@oracle.com>

                  Prateek Mishra <prateek.mishra@oracle.com>

                  06/08/2007 05:21 PM



[ws-sx] Further discussion on WS-SX Examples document

This message responds to the following questions from the May 30
conference call minutes:

 1. Is an examples document in scope of the TC?

 2. What specific examples are or are not in scope in an examples

  3. What additional work or steps are required before the examples
doc can progress to CD?


1. The starting point of the examples document goes back to May 2006 when
this work was proposed by Ashok Malhotra[1]. The points made then were
that the
SecurityPolicy specification is quite complext (111 pages in its final
and that most people would have a difficult time figuring out even
simple example policies.
The idea was to collect examples with explanations, this would provide
readers a
starting point for many scenarios of interest.

I think the question of whether such a document is "in scope" is
actually ill-posed.

A more appropriate question would be: is it appropriate to publish a
complex standard like
SecurityPolicy without an examples document?

The examples are needed as a kind of sanity-test so that we can see how
features may be used to secure message exchanges in a few cases of
interest to the TC.
Aside from the educational and labor-saving aspects, it is also a
indication of openness in that
readers need not purchase proprietary products in order to understand
the use of
the SecurityPolicy specification.

Finally, if we look at comparable specifications like
W3C XML Schema we find them accompanied by a systematic and detailed
primer document.

2. The examples document has been quite extensively reviewed by many TC
and many suggestions for change have been made and implemented.

If any vendor has a specific concern with a particular example, they
should explain what this is
and I am sure the Editors would update the document appropriately.

3. I believe that as soon as any remaining open issues are resolved, we
should conduct a
CD vote for the document.



GIF image

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]