[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [ws-sx] Further discussion on WS-SX Examples document
+1 to proposal and logic. regards, Frederick Frederick Hirsch Nokia On Jun 26, 2007, at 9:17 PM, ext Hal Lockhart wrote: > First I must say that I disagree with Tony about the source of the > complexity here. While WS-Security (and friends) is complex, IMO > most of the complexity comes from the semantics of actually > insuring the intended security properties of a given message or > message exchange. Actually creating messages with well formed > signatures and so forth is relatively straightforward, especially > if one is familiar with other security protocols, such as Kerberos > and TLS. > > > > However, I believe that WS-SecurityPolicy adds an order of > magnitude of complexity in understanding all the various assertion > types, how they interact, where they can be attached and what > messages correspond to given policy combinations. That is evening > ignoring additional issues such as matching. I think that if we > expect WS-SP to be widely used, we need examples – lots of them. I > believe the examples in the current document are something like a > bare minimum for people to really understand how WS-SP works. > > > > That said, I agree with Tony that we need direct testing of the > examples in the document. As Rich says, the key thing is not can we > process each other’s messages, but do the messages produced > correspond to the policies. That is what we should be testing. But > unlike Rich, I don’t think this is a completely manual process. In > fact if we specify enough, it may be possible to get the messages > to exactly match a specified pattern. In any event I think we > should try. > > > > So in the interest of being specific, I propose we do the following. > > > > 1. Continue to report and fix problems in the examples doc based on > inspection or individual testing > > 2. When there are no open issues, vote the document to CD > > 3. Conduct a Public Review > > 4. At the same time or afterwards, test each of the examples in > some kind of virtual interop > > 5. Drop any examples we cannot get sufficient testing of. > > 6. Vote the document to Committee Spec. > > > > I guess I have to concede that this requires a charter change, but > I believe it is worth doing if we really want people to be able to > use WS-SP. > > > > I would be interested to hear specific proposals from other people. > > > > Hal > > > > From: Rich Levinson [mailto:rich.levinson@oracle.com] > Sent: Wednesday, June 13, 2007 9:39 AM > To: Anthony Nadalin > Cc: Raepple, Martin; Prateek Mishra; ws-sx@lists.oasis-open.org > Subject: Re: [ws-sx] Further discussion on WS-SX Examples document > > > > I have thought about the "testing" of the examples in the WS-SX > Examples > document, especially since actually re-running the old WS-Security > Interop > and other Interop scenarios is likely to be prohibitively expensive > in terms > of required resources. > > The way I see it is that the messages in the WS-SX Examples document > have already been tested since by and large they are simply copies of > the messages from the old Interop documents. > > What is new here is the matching of the WS-SP policies against those > messages, which to a large degree is an exercise in manually examining > the WS-SP Policy vs the message contents, which is what is done in > the text portions of each example. > > Therefore, imo, "testing" of these examples really is reviewing the > Policies > themselves for accuracy and then reviewing the text describing the > relation > between the Policies and the covered message. > > Of course, the accuracy of the xml for the Policies is important as > well, > and this is where the current test results appear to be focused. > However, > I think having the total focus on the XML parsing of the Policies, > while > important, is not really addressing the real intent of the document. > > The value of the document, imo, is showing people how to "do WS-SP" > for use cases that are likely to already to exist and need to be > incorporated > to these emerging standards for advertising those services. > > Thanks, > Rich > > Anthony Nadalin wrote: > > What I see is a document that has not been tested or validated for > correctness, I would rather have correctness then more explanation > on something that is potentially wrong.Members have also invested > time in trying to test this document. I can't imagine writing this > document w/o the ability to test it. > > Anthony Nadalin | Work 512.838.0085 | Cell 512.289.4122 > <image001.gif> > " border="0">"Raepple, Martin" <martin.raepple@sap.com> > > > "Raepple, Martin"<martin.raepple@sap.com> > > 06/13/2007 06:35 AM > > <image005.gif> > > To > > <image006.gif> > > <ws-sx@lists.oasis-open.org> > > <image005.gif> > > cc > > <image006.gif> > > Anthony Nadalin/Austin/IBM@IBMUS, "Prateek > Mishra"<prateek.mishra@oracle.com> > > <image005.gif> > > Subject > > <image006.gif> > > RE: [ws-sx] Further discussion on WS-SX Examples document > > > > <image006.gif> > > <image006.gif> > > > Most of the examples are actually based on interop documents (e.g. > from WS-I, WSS TC, WCF Plugfests). If not already implicitly or > explicitly included, I don't see any reason why we should not also > add certain scenarios from the interop document. > > The issue I see with taking forward the interop document is that > there is only very limited explanation given on the scenarios and > most of them don't include the corresponding policy at all. The TC > asked for adding these detailled explanations to the SP examples > document, along with message samples, in a call earlier this year. > Members invested their time in updating the document accordingly > and reviewing it. Therefore, I think the example document should be > considered as the base document for taking forward, not the interop > documents. > > - Martin > > From: Anthony Nadalin [mailto:drsecure@us.ibm.com] > Sent: Mittwoch, 13. Juni 2007 05:00 > To: Prateek Mishra > Cc: ws-sx@lists.oasis-open.org > Subject: Re: [ws-sx] Further discussion on WS-SX Examples document > > Comments: > > 1) I would not call WS-SecurityPolicy complex, I would call WS- > Security, WS-Trust and other specifications that actually define > protocols complex. WS-SecurityPolicy merely defines URIs that > expresses specific wire format for WS-Trust, WS-Security and WS- > SecureConversation. We actually have examples already, these are in > the interop document, these are real examples that work and have > been validated. We have major concern over what is in the examples > document as to not being validated and examples that can actually > achieve interop. > > I don't see any mention of a examples document in the charter as an > output document, It seems it was important to change the charter to > include the WS-Policy 1.5, I would think that it would also be as > important to make sure the charter actually reflects the TC work. > > So I don't think that the question on in scope is ill-posed at all. > As we have published WS-Security, WS-Trust and WS- > SecureConversation w/o a examples document, seems lost of TC do > this, ones that actually produce examples documents actually test > the samples. > > 2) I don't believe that the document has been reviewed extensively > or we would not have found the issues we have found so far, once > again this document has not been validated or tested for actual > correctness or interop. As people that read a formal document > produced by at TC expect the document to be correct and tested. > > 3) Disagree, I think that this document needs to be validated and > that we can actually use and interop on the examples. > > I find the request to take this document to CD status as we don't > even take our interop documents to CD status and these are > documents that have been validated for correctness and > interoperability, seems like these are the documents that we should > be taking forward. > > > Anthony Nadalin | Work 512.838.0085 | Cell 512.289.4122 > <image001.gif> > Prateek Mishra <prateek.mishra@oracle.com> > > Prateek Mishra<prateek.mishra@oracle.com> > > 06/08/2007 05:21 PM > > <image007.gif> > > To > > <image006.gif> > > ws-sx@lists.oasis-open.org > > <image007.gif> > > cc > > <image006.gif> > > <image007.gif> > > Subject > > <image006.gif> > > [ws-sx] Further discussion on WS-SX Examples document > > > > <image006.gif> > > <image006.gif> > > > This message responds to the following questions from the May 30 > conference call minutes: > > [quote] > 1. Is an examples document in scope of the TC? > > 2. What specific examples are or are not in scope in an examples > document? > > 3. What additional work or steps are required before the examples > doc can progress to CD? > > [\quote] > > 1. The starting point of the examples document goes back to May > 2006 when > this work was proposed by Ashok Malhotra[1]. The points made then were > that the > SecurityPolicy specification is quite complext (111 pages in its final > incarnation) > and that most people would have a difficult time figuring out even > simple example policies. > The idea was to collect examples with explanations, this would provide > readers a > starting point for many scenarios of interest. > > I think the question of whether such a document is "in scope" is > actually ill-posed. > > A more appropriate question would be: is it appropriate to publish a > complex standard like > SecurityPolicy without an examples document? > > The examples are needed as a kind of sanity-test so that we can see > how > SecurityPolicy > features may be used to secure message exchanges in a few cases of > interest to the TC. > Aside from the educational and labor-saving aspects, it is also a > indication of openness in that > readers need not purchase proprietary products in order to understand > the use of > the SecurityPolicy specification. > > Finally, if we look at comparable specifications like > W3C XML Schema we find them accompanied by a systematic and detailed > primer document. > > > 2. The examples document has been quite extensively reviewed by > many TC > members > and many suggestions for change have been made and implemented. > > If any vendor has a specific concern with a particular example, they > should explain what this is > and I am sure the Editors would update the document appropriately. > > > 3. I believe that as soon as any remaining open issues are > resolved, we > should conduct a > CD vote for the document. > > ------------------------------------------------------ > > > [1] http://lists.oasis-open.org/archives/ws-sx/200604/msg00031.html > > >
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]