This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.

Bug 4318 - [All docs] Which WS-SecurityPolicy version should be used as a reference
Summary: [All docs] Which WS-SecurityPolicy version should be used as a reference
Status: RESOLVED FIXED
Alias: None
Product: WS-Policy
Classification: Unclassified
Component: Framework+Attachment+Guidelines (show other bugs)
Version: CR
Hardware: PC Windows XP
: P2 normal
Target Milestone: ---
Assignee: Felix Sasaki
QA Contact: Web Services Policy WG QA List
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2007-02-12 21:46 UTC by Umit Yalcinalp
Modified: 2007-04-25 16:59 UTC (History)
0 users

See Also:


Attachments

Description Umit Yalcinalp 2007-02-12 21:46:22 UTC
Title: Which WS-SecurityPolicy version should be used as a reference?

Description: The following WS-Policy documents use references to WS-SecurityPolicy 1.0. [1]. 

-- Framework
-- Attachment
-- Primer
-- Guidelines

Note: There was not a component to target all the documents, hence Framework+Attachment+Guidelines was used to post this bug. Primer is included in this issue as well. 

The posted interop scenerios document to the wg [3] refer to the WS-SecurityPolicy 1.2 [2]. If the intent of the interop scenerios is to test the policy framework, the dependency is unfortunately broken. 

There are differences between the versions of WS-SecurityPolicy. For example, sp:HttpsToken is now a nested assertion instead of a parametric assertion using attributes for requiring client certificate. This difference is used in testing empty nested assertions in the interop scenerios. Thus affects the way that the tests are perceived and used without requiring domain specific processing. 

Justification: The version of the Security policy used in the interop scenerios should reflect the version in the document and vice versa. They must match. Thus, updating the documents with the latest version of the security policy would eliminate confusion from the readers understanding and the use of the security policy. Otherwise, what is really tested does not reflect the documents being reviewed. 

Proposal: Update all the versions of the documents to the latest version of WS-SecurityPolicy to reflect the reality of what is tested. 


[1] http://www.oasis-open.org/committees/download.php/15979/oasis-wssx-ws-securitypolicy-1.0.pdf

[2] http://www.oasis-open.org/apps/org/workgroup/ws-sx/download.php/21401/ws-securitypolicy-1.2-spec-cd-01.pdf

[3] http://lists.w3.org/Archives/Public/public-ws-policy/2007Feb/0008.html
Comment 1 Christopher Ferris 2007-02-28 18:44:02 UTC
See action http://www.w3.org/2005/06/tracker/wspolicy/actions/243.

General consensus to update to the latest available stable public draft from OASIS WS-SX TC at time of next transition