IRC log of ws-policy on 2007-05-23

Timestamps are in UTC.

13:00:04 [RRSAgent]
RRSAgent has joined #ws-policy
13:00:04 [RRSAgent]
logging to
13:00:24 [fsasaki]
meeting: WS Policy WG (May 2007 f2f, day 1)
13:00:39 [fsasaki]
chair: Chris
13:00:51 [fsasaki]
13:01:36 [cferris]
cferris has joined #ws-policy
13:03:17 [Fabian]
zakim, who is on the phone?
13:03:17 [Zakim]
On the phone I see Fabian, ArnaudM, Chris_Ferris, Plh, Charlton, Prasad_Yendluri, Frederick_Hirsch, monica, Tom_Rutt, Yakov_Sverdlov, asir, Ashok_Malhotra, Maryann,
13:03:20 [Zakim]
... Sergey_Beryozkin, Dale_Moberg, +1.415.402.aaaa, David_Orchard, GlenD, Toufic_Boubez
13:03:21 [Zakim]
asir has Paul
13:03:34 [prasad]
prasad has joined #ws-policy
13:04:09 [maryann]
maryann has joined #ws-policy
13:04:10 [whenry]
whenry has joined #ws-policy
13:04:38 [cferris]
13:04:38 [whenry]
We've got darth vader on the line
13:04:46 [cferris]
zakim, who is here?
13:04:46 [Zakim]
On the phone I see Fabian, ArnaudM, Chris_Ferris, Plh, Charlton, Prasad_Yendluri, Frederick_Hirsch, monica, Tom_Rutt, Yakov_Sverdlov, asir, Ashok_Malhotra, Maryann,
13:04:49 [Zakim]
... Sergey_Beryozkin, Dale_Moberg, +1.415.402.aaaa, David_Orchard, GlenD, Toufic_Boubez
13:04:50 [Zakim]
asir has Paul
13:04:51 [Zakim]
On IRC I see whenry, maryann, prasad, cferris, RRSAgent, fsasaki, Fabian, Zakim, trackbot
13:04:58 [asir]
asir has joined #ws-policy
13:05:01 [TRutt__]
TRutt__ has joined #ws-policy
13:05:02 [charlton]
charlton has joined #ws-policy
13:06:20 [cferris]
is anyone on IRC expecting to be able to dial into the call?
13:06:36 [Fabian]
13:06:54 [charlton]
13:07:06 [charlton]
just joined the call
13:07:25 [whenry]
I'm in ... but all I hear is Darth Vader every so often.
13:07:31 [cferris]
13:07:37 [charlton]
13:07:55 [cferris]
we will dial in as soon as Abbie returns and can figure out the secret handshake
13:08:19 [charlton]
zakim, ??P9 is charlton
13:08:19 [Zakim]
I already had ??P9 as ??P9, charlton
13:08:25 [charlton]
13:08:35 [charlton]
zakim, ??P6 is charlton
13:08:35 [Zakim]
I already had ??P6 as ??P6, charlton
13:08:37 [whenry]
So i'ts not Darth Vader ... just some droid called P9 ... got it!
13:08:53 [charlton]
attack of the droids
13:08:58 [dmoberg]
dmoberg has joined #ws-policy
13:09:35 [cferris]
scribe: DaveO
13:09:42 [monica]
monica has joined #ws-policy
13:10:16 [dorchard]
dorchard has joined #ws-policy
13:10:21 [Fabian]
zakim, who is making noise?
13:10:21 [Zakim]
Fabian, sorry, something's wrong; I couldn't match the conference name
13:10:36 [cferris]
RESOLUTION: minutes from 5/16 approved as posted
13:10:38 [dorchard]
scribe: dorchard
13:10:41 [cferris]
rrsagent, where am i?
13:10:41 [RRSAgent]
13:10:43 [dorchard]
scribenick: dorchard
13:10:58 [fsasaki]
rrsagent, make log member
13:11:20 [charlton]
zakim, ?P6 is charlton
13:11:20 [Zakim]
sorry, charlton, I do not recognize a party named '?P6'
13:11:27 [whenry]
I got a 403 error when I tried that Link above
13:11:27 [charlton]
zakim, who is on the call?
13:11:27 [Zakim]
On the phone I see Fabian, ArnaudM, Chris_Ferris, Plh, Charlton, Prasad_Yendluri, Frederick_Hirsch, monica, Tom_Rutt, Yakov_Sverdlov, asir, Ashok_Malhotra, Maryann,
13:11:31 [Zakim]
... Sergey_Beryozkin, Dale_Moberg, +1.415.402.aaaa, David_Orchard, GlenD, Toufic_Boubez
13:11:32 [Zakim]
asir has Paul
13:11:51 [maryann]
thank you william
13:11:53 [fsasaki]
topic: future meetings
13:12:01 [maryann]
(we;re talking about the F2F)
13:12:47 [Ashok]
Ashok has joined #ws-policy
13:12:59 [fsasaki] f2f in Ireland, hosted by Iona
13:13:29 [whenry]
Go ahead talk about me behind my back ! ;-)
13:13:37 [dorchard]
almost everybody present here will be present at next f2f
13:13:47 [whenry]
13:14:20 [whenry]
Charlton, Fabian, William there too!
13:14:40 [dorchard]
Thursday will be discussion on follow on f2f
13:14:46 [dorchard]
topic: editors report
13:14:49 [cferris]
13:14:57 [dorchard]
sent off the guidelines doc last week, primer the week before.
13:15:49 [fsasaki]
dorchard: one action was not completed
13:15:53 [fsasaki]
chris: on the agenda
13:15:58 [dorchard]
topic: AI review
13:16:32 [dorchard]
279 review: have on their agenda a 2nd lc of wsa metadata
13:17:23 [whenry]
Peaceful ..
13:17:32 [fsasaki]
regrets+ Yakov
13:18:04 [dorchard]
AI 286: maryann will have BOF table @ lunch today.
13:18:36 [Fabian]
The microphones are picking up several people speaking
13:19:14 [fsasaki]
zakim, this is WS_Policy(F2F)
13:19:14 [Zakim]
fsasaki, this was WS_Policy()12:00PM
13:19:15 [Zakim]
ok, fsasaki; that matches WS_Policy(F2F)9:00AM
13:20:13 [Fabian]
uncertain identities :-)
13:20:30 [dorchard]
topic: Agenda item 7
13:20:33 [dorchard]
AI 290
13:20:45 [whenry]
zakim, William_Henry is really whenry
13:20:45 [Zakim]
+whenry; got it
13:21:37 [PaulC]
PaulC has joined #ws-policy
13:22:06 [charlton]
zakim, aaaa is Nortel-Ottawa
13:22:06 [Zakim]
+Nortel-Ottawa; got it
13:22:29 [cferris]
RESOLUTION: issue 4522 closed with resolution proposed in
13:22:35 [cferris]
rrsagent, where am i?
13:22:35 [RRSAgent]
13:24:18 [monica]
monica has joined #ws-policy
13:25:23 [dorchard]
Bug 4567
13:26:43 [dorchard]
4572 suggests it should be lowercase..
13:27:26 [PaulC]
4567 and 4572 proposal:
13:28:21 [cferris]
RESOLUTION: issues 4567 and 4572 closed with proposed resolution in
13:28:25 [cferris]
rrsagent, where am i?
13:28:25 [RRSAgent]
13:28:53 [dorchard]
Bug 4568: latest namespaces
13:29:40 [cferris]
13:30:20 [cferris]
RESOLUTION: issue 4568 closed with proposal in
13:30:26 [cferris]
rrsagent, where am i?
13:30:26 [RRSAgent]
13:31:06 [dorchard]
Bug 4571: QNames/NCNames
13:31:27 [cferris]
13:31:45 [cferris]
RESOLUTION: issue 4571 closed with proposal in
13:31:49 [cferris]
rrsagent, where am i?
13:31:49 [RRSAgent]
13:32:12 [dorchard]
Bug 4575:
13:32:39 [cferris]
13:33:34 [cferris]
RESOLUTION: issue 4575 closed with proposal in the submitted issue
13:34:02 [cferris]
rrsagent, where am i?
13:34:02 [RRSAgent]
13:34:55 [monica]
monica has joined #ws-policy
13:35:55 [dorchard]
paulc: how will all the changes get in?
13:36:11 [dorchard]
paulc/chris: could editors do in real-time?
13:36:37 [dorchard]
asir: seems like impls have already done the "right thing" wrt these fixes
13:37:41 [cferris]
13:37:50 [dorchard]
topic: are nested policy assertions part of vocabulary?
13:40:08 [dorchard]
related to scalability issue..
13:40:14 [dmoberg]
dmoberg has left #ws-policy
13:41:21 [dorchard]
cferris: who agrees with ashok that Dan's answer is correct wrt to what it says, but would prefer that the policies intersect.
13:41:36 [dorchard]
cferris: ashok, dave
13:41:45 [monica]
13:41:52 [dorchard]
dale: at the framework level or domain
13:42:03 [dorchard]
all: at the framework level.
13:43:08 [dorchard]
related 4561, can domain processing "opt-in" to intersection
13:43:36 [TRutt__]
13:43:59 [dorchard]
cferris: if we went with the approach that the framework always intersects, which opposite of current
13:45:24 [dorchard]
monica: are there cases in other domains that would take advantage of such matching?
13:45:32 [cferris]
ack cf
13:45:46 [cferris]
13:45:50 [cferris]
ack asir
13:46:01 [dorchard]
monica: did other domains make a mistake assuming absence would match?
13:46:04 [cferris]
ack tr
13:46:12 [dorchard]
tom: seek stability
13:47:02 [dorchard]
tom: ws-a does not want to rely on domain specific processing
13:47:21 [dorchard]
tom: want stability, but could live with it IF we had done it before CR.
13:47:23 [dorchard]
13:47:26 [cferris]
ack do
13:47:35 [Fabian]
there is only one domain that introduced and uses nested policies. we should make sure we do what WS-SecurityPolicy requires.
13:47:58 [fsasaki]
dorchard: problem I have: ws-addressing comes with something, others come with other requirements
13:48:00 [charlton]
13:48:15 [fsasaki]
.. there is no way to learn from ws-addressing implementation
13:48:17 [Fabian]
13:48:27 [TRutt__]
13:48:28 [abbie]
abbie has joined #ws-policy
13:48:35 [monica]
13:48:37 [fsasaki]
.. ws-addressing, ws-security ends up to have to do the same kind of workaround
13:48:46 [fsasaki]
ashok: and we don't fix it
13:48:58 [fsasaki]
paulc: you go back to WD and it will be done in 6 months
13:49:02 [dorchard]
paulc: we could go back to WG and then take 6 months
13:49:15 [TRutt__]
13:49:39 [dorchard]
cferris: who cannot live with the status quo?
13:50:00 [Fabian]
can live with status quo, can not live with Dan's interpretation
13:50:00 [dorchard]
cferris: on question 1
13:50:08 [dorchard]
no hands
13:50:44 [cferris]
ack fab
13:51:16 [dorchard]
13:51:29 [dorchard]
fabian: we need to coordinate with ws-security policy
13:51:43 [dorchard]
fabian: probably if we did the right thing for ws-security policy, we cover all the cases
13:52:02 [dorchard]
fabian: we introduced nested policy for ws-securitypolicy
13:52:10 [fsasaki]
ack no
13:52:15 [Ashok]
13:52:25 [cferris]
ack mon
13:52:37 [PaulC]
no hands
13:52:40 [cferris]
q+ monica
13:52:42 [charlton]
can live with status quo
13:52:44 [PaulC]
ack no
13:52:51 [cferris]
ack mon
13:52:52 [PaulC]
pbc hand
13:53:03 [cferris]
raise hand
13:53:14 [cferris]
ack cf
13:53:17 [monica]
raise hand
13:53:31 [cferris]
ack do
13:53:34 [dorchard]
we have now learned that "xyz hand" is long form
13:53:55 [fsasaki]
dorchard: runtime protocol specs said they will not wait for ws-policy
13:54:08 [fsasaki]
.. "we will not rely on the CR version of the spec", like RM
13:54:15 [fsasaki]
tRutt: rm does both
13:54:47 [fsasaki]
dorchard: so policy is of the hook, they decided not to wait
13:55:04 [fsasaki]
.. that gives us some room from a scheduling perspective
13:55:24 [PaulC]
13:55:30 [fsasaki]
13:55:33 [cferris]
ack ash
13:55:44 [dorchard]
cferris: except ws-addressing
13:56:07 [dorchard]
ashok: what would happen to ws-security policy asked by fabian
13:56:15 [dmoberg]
dmoberg has joined #ws-policy
13:56:19 [asir]
13:56:21 [dorchard]
ashok: if we adopt this, it would become easier to use securitypolicy
13:56:46 [dorchard]
ashok: could say <x509></x509> would match with all the myriad variations.
13:56:59 [dorchard]
ashok: make life much much easier
13:57:00 [dorchard]
13:57:04 [Fabian-Test]
Fabian-Test has joined #ws-policy
13:57:14 [monica]
monica has joined #ws-policy
13:57:46 [dorchard]
paulc: refutes ashok, assumes they wouldn't add anything under x509
13:58:39 [cferris]
13:58:41 [monica]
monica has joined #ws-policy
13:59:01 [dorchard]
paulc: if they revved security policy after policy revved, then there would be a problem
13:59:09 [dorchard]
q+ to follow up on paul's rebuttal
13:59:14 [cferris]
ack mon
13:59:24 [dorchard]
monica: we have that condition anyways
13:59:40 [dorchard]
paulc: if I explicitly state what I support, then I'm robust.
13:59:59 [dorchard]
paulc: if I then do wildcards, then somebody can add something new
14:00:05 [cferris]
ack pa
14:00:05 [maryann]
14:00:24 [dorchard]
paulc: if you go look at ws-securitypolicy, they point to 1.5
14:00:44 [PaulC]
14:00:46 [fsasaki]
q+ monica
14:01:04 [whenry]
regrets, I must drop off for another call. Will be back afterward.
14:01:09 [fsasaki]
queue = monica, fsasaki, asir, cferris, dorchard, maryann
14:01:13 [Zakim]
14:01:23 [dorchard]
lines 171 to 173
14:01:54 [fsasaki]
ack moni
14:02:34 [dorchard]
monica: if we look at a nested policy expression, ... look at definitions
14:03:21 [dorchard]
q+ to ask how ws-sp uses policy 1.5
14:03:26 [maryann]
since a nested assertion ( according to our definition) means that the behavior qualifies a parent assertion
14:03:59 [maryann]
then at some level the "empty" does imply a certain level of behavior since the parent or root is expressing some behavior
14:04:33 [dorchard]
monica: have to ask whether nesting is exclusive or additive?
14:04:36 [cferris]
ack fs
14:04:38 [PaulC]
14:04:58 [Nadalin]
Nadalin has joined #ws-policy
14:05:09 [dorchard]
felix: this would create versioning problems, and problems with proposal from ws-addressing
14:05:17 [cferris]
ack as
14:05:17 [maryann]
the nested could be additive behavior rather than exclusive behavior that might conflict if you tried to match an empty with a specific sub-assertion
14:05:30 [dorchard]
asir: go back to ashok's point that wildcard wouldn't break security policy
14:05:52 [Nadalin]
yes it would break SP
14:06:16 [asir]
Bottom of Section 3.9
14:06:23 [maryann]
i think it depends on the assertion
14:06:54 [Nadalin]
it would break anyone use of assertions
14:06:58 [maryann]
and the fact that these assertions were designed with an assumption about how the algorithm currently works
14:07:25 [dorchard]
asir: brings up httpstoken with parameters
14:07:33 [prasad]
Yes in general we cannot guarentee that a nested one would always match empty. In some cases it would and some cases it may not. Depends on the specific case
14:07:38 [dorchard]
ashok: no, that's domain specific.
14:08:00 [dorchard]
asir: if you have a nested policy, then it indicates any behaviour.
14:08:15 [monica]
monica has joined #ws-policy
14:08:26 [dorchard]
asir: this is hard to imagine an app that supports all options
14:09:02 [cferris]
ack cf
14:10:05 [dorchard]
cferris: don't buy the argument that if I added new extension then I'd get a false positive.
14:11:21 [dorchard]
cferris: in the case if I had all the options (ie security policy) then compare all those
14:12:05 [dorchard]
cferris: vs letting subsequent behaviour figure out cipher suite..
14:12:25 [dorchard]
cferris: had we gone that direction, it might not have been that bad.
14:12:32 [cferris]
ack do
14:12:32 [Zakim]
dorchard, you wanted to follow up on paul's rebuttal and to ask how ws-sp uses policy 1.5
14:13:14 [fsasaki]
dorchard: paulc was arguing against the wildcard proposal based on ws-security policy does
14:13:54 [fsasaki]
paulc: I looked at the ws-sx spec, you statement was wrong
14:14:00 [PaulC]
Charter text: Web Services Policy should remain compatible with existing policy assertions and offer a smooth migration path for these assertions (where applicable). Existing policy assertions (in specifications that have been submitted to other standards groups) are Web Services Reliable Messaging Policy, Web Services Security Policy, Web Services Atomic Transaction, and Web Services Business Activity Framework.
14:14:02 [Ashok]
14:14:09 [fsasaki]
dorchard: am I talking against an implementation or a WG?
14:14:18 [monica]
14:14:19 [fsasaki]
paulc: reply is citation from charter text above
14:15:04 [fsasaki]
paulc: dorchard said "other TCs have gone ahead without policy, so we can do what the want". That is not true
14:15:21 [fsasaki]
.. ws-sx will reference also the CR version of policy
14:15:37 [fsasaki]
dorchard: how will security policy use policy?
14:16:05 [fsasaki]
.. what will the impact of the change be to security policy? It will break their current work, but they might benefit in the future
14:16:25 [fsasaki]
.. what is the compatibility issue?
14:16:33 [fsasaki]
paulc: go back to WD, change the NS
14:16:49 [fsasaki]
dorchard: they have a reference, but how is policy used?
14:16:56 [fsasaki]
14:17:04 [asir]
14:17:25 [fsasaki]
maryann: it is more than just a reference, it is deep in the spec
14:17:34 [fsasaki]
asir: it is a normative depdendecy
14:18:27 [dorchard]
q+ to ask about how they break.
14:18:32 [fsasaki]
ack mary
14:18:36 [cferris]
ack mar
14:18:50 [PaulC]
ack Paulc
14:19:08 [PaulC]
I supplied my comment above in the Charter text.
14:19:47 [cferris]
we are breaking for 20 mins
14:19:50 [cferris]
14:20:43 [Zakim]
14:21:09 [Fabian]
Charlton, seems like you got the P6 and P9 wrong :-)
14:21:17 [Fabian]
zakim, who is on the phone
14:21:17 [Zakim]
I don't understand 'who is on the phone', Fabian
14:21:24 [Fabian]
zakim, who is on the phone?
14:21:24 [Zakim]
On the phone I see Fabian, Nortel-Ottawa
14:21:49 [Fabian]
zakim, Fabian is charlton
14:21:49 [Zakim]
+charlton; got it
14:21:59 [Fabian]
zakim, who is on the phone?
14:21:59 [Zakim]
On the phone I see charlton, Nortel-Ottawa
14:27:14 [Dug]
Dug has joined #ws-policy
14:27:45 [Dug] (pwd: wspolicy)
14:32:57 [maryann]
<break conversation for posterity> there are issues for security policy, when a service takes the option of wildcarding...the use case for the customer side is easier to illustrate.
14:33:47 [maryann]
when the service is the one doing wildcarding it becomes very difficult with all the extensibility points in security & security policy, to understand what the service is willing to do....
14:35:28 [maryann]
in some sense it would be asserting it could do "anything" that the customer would have in its own policy, and it would be difficult to see how this range of options would be determined, assessesed for interoperability
14:35:56 [maryann]
the customer "could" extend with tokens, that the service was not aware of
14:36:37 [maryann]
there would need to be more constraints on these extensiblity points
14:42:45 [cferris]
zakim, who is here?
14:42:46 [Zakim]
On the phone I see charlton, Nortel-Ottawa
14:42:46 [Zakim]
On IRC I see Dug, monica, Nadalin, dmoberg, abbie, PaulC, Ashok, dorchard, charlton, TRutt__, asir, whenry, maryann, prasad, cferris, RRSAgent, fsasaki, Fabian, Zakim, trackbot
14:43:40 [Zakim]
14:43:53 [cferris]
zakim, ??P6 is Fabian
14:43:53 [Zakim]
+Fabian; got it
14:47:48 [dorchard]
14:47:55 [prasad]
14:49:14 [dorchard]
bug 4558 is related..
14:49:20 [fsasaki]
continuing meeting
14:49:41 [dorchard]
cferris: dispose this, then get back to 4558.
14:50:26 [TRutt__]
14:50:34 [dorchard]
cferris: we have consensus that Dan's message has described the spec.
14:52:18 [dorchard]
14:52:29 [cferris]
ack ash
14:52:40 [fsasaki]
Ashok: not technical points, but about the process
14:52:53 [dorchard]
ashok: security policy agreed to refer to policy 1.2 and policy 1.5
14:53:00 [fsasaki]
.. Paul mentioned that security policy agreed to refer to policy 1.5
14:53:01 [dorchard]
ashok: not whole story
14:54:00 [dorchard]
ashok: they also have charter to change policy reference(s) (1.2 and 1.5 CR) to policy 1.5 rec
14:54:47 [dorchard]
paulc: are you inferring that they were expecting 1.5 ns to change?
14:55:30 [dorchard]
This is a draft document and may be updated, replaced or obsoleted by other documents at any time. It is inappropriate to cite this document as other than work in progress.
14:55:56 [cferris]
paul, concerned that were we to place the /ne/ namespace in jeopardy, that the sx, et al tcs might change their direction
14:56:51 [dorchard]
ashok: 2nd point, tired of the stick "you really want to make this change, it'll go back 6 months"
14:56:56 [dorchard]
ashok: if we have to go back, then ok.
14:57:06 [dorchard]
ashok: let's not use this to stop discussion
14:57:27 [dorchard]
cferris: trying to finish this agenda item..
14:58:22 [dorchard]
cferris: for those left in the queue, I'd like to close this agenda item.
14:59:12 [dorchard]
... do any of you have concerns related to this thread that are not captured by 4558 or 4560 or 4544
14:59:40 [dorchard]
asir: what is disposition of this is the example?
15:00:16 [fsasaki]
15:00:25 [dorchard]
15:00:28 [cferris]
ack mon
15:00:36 [dorchard]
15:00:40 [cferris]
ack mon
15:00:43 [dorchard]
ack monica
15:00:44 [cferris]
ack monica
15:01:14 [cferris]
ack asir
15:01:18 [cferris]
ack prasad
15:02:12 [dorchard]
prasad: leaving default behaviour as is, and give assertion authors chance to over-ride in domain specific
15:02:17 [dorchard]
cferris: 4561
15:02:21 [TRutt__]
Empty as wildcard has problems for nested policy, it woujld be better to define a standard wildcard, which can be put into scope for parent policy for which wildcarding is appropriate for matching. I believe wildcarding is not approporated for all assertions which have nested policy assertion types This could be addressed in
15:02:26 [cferris]
ack trutt
15:04:15 [dorchard]
cferris: asir, please open issue wrt need better example of empty nested policy item.
15:04:39 [cferris]
15:05:54 [asir]
New issue is
15:08:08 [cferris]
RESOLUTION: issue 4577 closed with proposal in amended to change 'default' to 'framework'
15:08:15 [cferris]
rrsagent, where am i?
15:08:15 [RRSAgent]
15:09:08 [dorchard]
topic: 4544 policy vocabulary will not be applied
15:09:10 [dorchard]
15:10:23 [ArnaudM]
ArnaudM has joined #ws-policy
15:10:56 [dorchard]
paulc: how will we proceed?
15:11:28 [dorchard]
paulc: what are people's favourite items to talk about?
15:11:41 [dorchard]
paulc: perhaps each person talk about what they think is most important.
15:12:11 [dorchard]
paulc: heard a suggestion from ashok that dorchard's taxonomy be the starting point.
15:13:45 [prasad]
15:13:56 [fsasaki]
(now discussing mail from dorchard above)
15:14:20 [fsasaki]
dorchard: tried to describe actual differences between 4 positions I see
15:14:44 [fsasaki]
.. in terms of requester / and provider and "pseudo set theory"
15:15:19 [fsasaki]
.. I had a single scenario to describe the differences
15:17:24 [fsasaki]
(dorchard describes the mail, agreement that the mail is correct until "Strict intersection yields no intersection.")
15:17:47 [fsasaki]
now discussing the part starting "There is a policy <Z/> ..."
15:18:08 [fsasaki]
cferris: there are two flavors of that: talking about assertion vs. behavior
15:18:24 [fsasaki]
dorchard: let's talk about assertions only now
15:18:27 [fsasaki]
cferris: ok
15:20:03 [fsasaki]
dorchard: nobody is proponent for 1. about "2. AIN Closed world flavour : "
15:20:14 [fsasaki]
asir: nobody advocates 2 now
15:20:17 [fsasaki]
cferris: agree
15:20:42 [fsasaki]
.. IBM never advocated 2
15:21:25 [fsasaki]
paul: let's skip history and get through analisys
15:21:35 [TRutt__]
15:21:49 [fsasaki]
dorchard: +1. (now going through option 3/4)
15:22:13 [fsasaki]
TRutt: is "client" and "behavior initiator" the same?
15:22:21 [fsasaki]
dorchard: for the purpose of this yes
15:23:19 [fsasaki]
ashok: question on 3: one use case: both provider and requester have published policies
15:23:45 [fsasaki]
dorchard: the scope here is the simplist possible case, somebody starts an HTTP connection and picks up stuff
15:24:39 [fsasaki]
ashok: (starts to ask question on 3)
15:24:47 [TRutt__]
15:24:48 [fsasaki]
paul: hold the question, answer will come
15:24:53 [fsasaki]
ack do
15:25:03 [fsasaki]
dorchard: now about the table
15:26:31 [cferris]
15:26:46 [fsasaki]
maryann: why the "will" column?
15:26:53 [fsasaki]
dorchard: client has an intersection result and it will do a,b. It is not a "MUST" because of the intersection
15:26:56 [Zakim]
15:27:00 [fsasaki]
paul: so this is for the lax intersection case
15:27:08 [fsasaki]
dorchard: yes, for strict case the table is boring
15:28:05 [fsasaki]
.. will or will not is about the intersection, must and "must not" are about both requester and provider
15:28:27 [fsasaki]
.. so will and will not is about the requester only
15:29:56 [fsasaki]
paul: everybody agrees with the "will" column?
15:30:00 [Zakim]
15:30:06 [fsasaki]
ashok: is the will column about requester and provider?
15:30:13 [fsasaki]
paul: david said that
15:30:23 [fsasaki]
cferris: I think will column applies to both
15:30:35 [Zakim]
15:31:13 [asir]
15:31:31 [fsasaki]
s/will column/"will" column/
15:37:42 [fsasaki]
(discussion on the restructuring of the column currently done by cferris)
15:43:30 [fsasaki]
cferris: important to see "who initiates the behavior?" that is different than requester / provider
15:43:51 [fsasaki]
.. I am only constraining the initator
15:44:17 [fsasaki]
dorchard: I don't agree
15:45:08 [fsasaki]
.. in a single interaction, a provider behaves as a response
15:45:30 [ArnaudM]
ArnaudM has joined #ws-policy
15:45:34 [fsasaki]
cferris: I am not constraining the behavior of a response
15:45:37 [whenry]
But how do you really feel?
15:46:15 [maryann]
there is a bit of a passionate discussion happening live
15:46:27 [maryann]
for those of you remote, we ask your tolerance
15:46:44 [fsasaki]
(problems of following the discussion for remote participants, paulc says nothing we can do about that in the current discussion)
15:46:45 [monica]
15:46:45 [maryann]
and we will try to capture the discussion in the scribed text
15:46:55 [whenry]
May need to change the rating to "R" ;-)
15:47:49 [fsasaki]
dorchard: what are the behaviors in the follow up of an interaction?
15:48:03 [fsasaki]
paulc: cferris says the interaction does not constrain the provider
15:48:19 [maryann]
chris does not believe that the intersected alternative constrains the provider behavior
15:48:47 [maryann]
david seems to have a different view of the behaviors for either party
15:50:08 [maryann]
david had tried to reduce the behaviors to a common set and chris feels the distinction is relevant and hence the reduction loses some characterization of behaviors thats important to capture
15:50:22 [fsasaki]
dorchard: in the policy framework, there is no constraint on the provider whether it must do D (from cferris perspective)
15:51:00 [fsasaki]
cferris: in the policy framework , there is no mechanism to tell which alternative I choose
15:51:56 [fsasaki]
.. I'm trying to make a statement in the spec to make clear: if I know what an assertion means in terms of its behavior, and it is not in the alternative selected, it will not be applied
15:55:10 [fsasaki]
paulc summarizes:
15:56:10 [fsasaki]
paulc: requestor will exibit a,b,c and must not do E. Z,Y,C,D are out of scope
15:56:42 [fsasaki]
(proposal is not on IRC)
15:57:21 [fsasaki]
paulc: using intersection means "there is an entity that initiates the intersection", in cferris proposal
15:57:36 [fsasaki]
.. if messages are going in the other direction, roles are changed
15:58:17 [prasad]
ashoh hand
16:00:27 [fsasaki]
ack ash
16:01:36 [fsasaki]
ashok: I have a policy and do a policy intersection. What I must no do is: the behaviors which are in my policy included
16:01:41 [fsasaki]
cferris: correct
16:02:17 [fsasaki]
paulc: you do not the things which are in your policy, not talking about the other guy
16:03:19 [dorchard]
16:03:21 [dorchard]
16:03:31 [Zakim]
16:05:47 [fsasaki]
paulc: would ashok be happy with the words which asir proposed at ?
16:05:59 [fsasaki]
ashok: yes, but with what we have now , we might reword them again
16:06:29 [Zakim]
16:06:52 [fsasaki]
paulc: cferris, are you fine with what we have now?
16:07:17 [fsasaki]
cferris: vocabulary based AIN was subtly different. Now we are constraining what you know
16:08:26 [fsasaki]
paulc: two tasked over lunch: 1) take cferris proposal with Asirs text: would that make ashok happy?
16:08:51 [fsasaki]
.. and 2) request from dorchard to look more at open world proposal, and 3) from monica
16:09:15 [fsasaki]
.. some editorial items
16:09:25 [fsasaki]
monica: already in the mail archive
16:10:05 [fsasaki]
.. what we have now on the screen should go to the primer
16:11:25 [Zakim]
16:11:58 [Zakim]
16:14:26 [cferris]
we are taking a lunch break... back at 1:00 pm ET
16:15:47 [cferris]
email that captures the "whiteboard" dicussion this morning:
16:26:44 [Zakim]
16:31:24 [Fabian]
Fabian has joined #ws-policy
16:49:08 [Zakim]
16:49:34 [cferris]
hi david
16:49:40 [cferris]
we will be starting in 15 mins
16:55:02 [maryann]
scribenick: maryann
16:55:39 [maryann]
scribeNick: maryann
16:56:02 [maryann]
scribe: maryann
16:57:16 [Zakim]
17:02:12 [dhull]
dhull has joined #ws-policy
17:03:05 [Zakim]
17:03:14 [maryann]
just resuming
17:03:39 [asir]
asir has joined #ws-policy
17:03:40 [maryann]
paul needed to leave but will be back
17:03:57 [maryann]
TOPIC: Agenda item 13 David Hull's discussion items
17:04:24 [maryann]
David is here to help us understand what his concerns are
17:04:29 [charltonb]
charltonb has joined #ws-policy
17:05:07 [fsasaki]
topic: David Hull's CR issues discussion
17:05:48 [maryann]
wasn't intending to deal with subtleties, the motivation is to represent some things that came out of the work in WS-Addressing in their attempts to define assertions for the addressing behavior
17:07:16 [maryann]
david - trying to help offer some feedback on reading the policy document, thinks there are some simple ideas that didn't come across
17:08:29 [maryann]
david: some of the behavior you get with bags as a result of intersection is hard to grasp
17:08:50 [Zakim]
17:09:10 [maryann]
david: normalizing policy expressions seems to be indirect
17:09:30 [daveo]
daveo has joined #ws-policy
17:11:24 [maryann]
starting with
17:11:29 [ArnaudM]
ArnaudM has joined #ws-policy
17:13:22 [cferris]
17:14:03 [maryann]
takes a long time to get through the material, paul responded that we considered using other ways of expressing the rules, and it is acknowleged that in retrospect you can always see how you could do something different, but not advocating we do that at this time in the process
17:15:16 [notlrahc]
notlrahc has joined #ws-policy
17:16:31 [maryann]
chris: is there a short path that could augment what is there with a simple summary?
17:17:05 [maryann]
david: normal form is just a policy
17:17:26 [maryann]
this could be a simplifying principle
17:17:58 [maryann]
chris: is there openess in the working group to try to create some rules to augment the current text?
17:18:10 [charltonb]
charltonb has joined #ws-policy
17:18:45 [maryann]
more of when the rules apply
17:18:59 [maryann]
is the critical thing that is missing
17:19:21 [charltonb]
charltonb has joined #ws-policy
17:19:24 [maryann]
commutivity applies because policies are unordered
17:19:31 [maryann]
that's not a normalization rule
17:20:01 [maryann]
assciativity applies pretty clearly
17:20:15 [PaulC]
PaulC has joined #ws-policy
17:20:23 [maryann]
distributive would be good to state that its a normalization rule
17:20:41 [maryann]
a sentence or two at the beginning of each rule might help
17:20:47 [prasad]
17:21:04 [maryann]
ashok: think the spec would be better with more formal rules
17:21:15 [maryann]
chris: prescriptive, right?
17:21:21 [maryann]
ashok: yes
17:21:26 [cferris]
ack cf
17:21:36 [maryann]
david: i agree this is formal without being rigorous
17:21:41 [cferris]
ack asir
17:21:46 [cferris]
ack mon
17:21:57 [cferris]
ack do
17:22:40 [maryann]
asir: i heard dave say he wanted an opening statement.
17:22:50 [maryann]
chris:: i'm talking about text to augment
17:23:04 [maryann]
david : more text for motivation and guidance on when these rules apply
17:24:07 [maryann]
david: its kind of there in the examples, but it would be good to pull it our
17:24:13 [maryann]
17:24:45 [Levogiro]
Levogiro has joined #ws-policy
17:25:00 [maryann]
asir: there is a mapping from the normal form to the policy
17:25:23 [cferris]
17:25:33 [maryann]
chris: this is a description of what the normal form is
17:25:34 [cferris]
17:25:48 [Levogiro]
17:26:01 [maryann]
asir: set of axioms are defined
17:26:14 [maryann]
asir: 4.1 states the mapping
17:26:27 [maryann]
ashok: what does that mean?
17:26:31 [maryann]
asir: data model
17:26:43 [notlrahc]
notlrahc has joined #ws-policy
17:27:08 [maryann]
david: map from expression to a policy is first find normal form expressions and here are some normal form rules
17:28:01 [maryann]
david: from a mathematical point of view there are some holes
17:28:29 [maryann]
david: some of the text seems vague
17:28:41 [maryann]
david: its a declarative and axiomatic approach
17:28:59 [maryann]
chris: are you asking for motivation in 4.3.6?
17:29:03 [maryann]
david: yes
17:29:37 [maryann]
david: now that i understand i can go off and craft some specific statements
17:29:46 [maryann]
chris: that's what i was looking for
17:30:13 [maryann]
asir: 4.3.6 has hyperlinks to the axioms
17:30:30 [prasad]
17:32:11 [Zakim]
17:32:17 [maryann]
chris: what i would recommend is that if you could come up with some specific statements to give this some motivation, the WG is happy to take a look at that
17:32:58 [maryann]
paul: normal form doesn't have a definition, it points to section 4.1 .....used the hyperlink to show the rules, isn't that what you want
17:33:22 [maryann]
david: i think its all in there someplace, but as a newcomer is its hard to find
17:33:39 [maryann]
paul: its a backward reference so maybe that was wrong
17:33:57 [maryann]
paul: and there is no definition and that phrase is used quite offten
17:34:12 [maryann]
paul: david is asking for a motivation
17:34:30 [maryann]
david: it says the intent is to facilitate interoperability
17:34:51 [maryann]
david: really what it does is ground the mapping from expression to policy
17:35:12 [maryann]
david: section 4.1
17:35:24 [maryann]
where it defines the element
17:35:48 [maryann]
david: not clear that putting out all lines in a normal form makes things simpler
17:36:09 [maryann]
paul: it says should
17:36:23 [maryann]
paul: and if you have a long policy that's a good reason
17:37:27 [maryann]
david: here we're saying that you will have to deal with non-normative expressions, the motivation seems odd
17:38:42 [maryann]
david: i think we've hit most of the points
17:38:52 [maryann]
chris: i think the group understands your concerns
17:39:23 [PaulC]
Consider changing: The following rules are used to transform a compact policy expression into a normal form policy expression:
17:39:39 [maryann]
chris: hopefully if you could express some suggested changes in the form of " please do x, y , z" ...preferably not a chinese menu :-)
17:39:41 [PaulC]
to inlcude a reference to 4.1 for "normal form policy expression"
17:40:00 [maryann]
chirs: WG is willing to entertain improvements
17:40:42 [cferris]
17:41:49 [maryann]
chris: this thread led to the realization that your terms and asirs terms are consistent
17:41:50 [PaulC]
and to include a reference to 4.3 for "compact policy expressions"
17:42:05 [maryann]
david: yes, there was some discussion back and forth
17:42:22 [maryann]
david: so i understand that "a" is different from "a,a"
17:42:52 [maryann]
david: alternatives that come out of intersection are going to be different than alternatives that come in from either side
17:42:53 [charltonb]
zakim, who is on the call?
17:42:53 [Zakim]
On the phone I see Nortel-Ottawa, Dave_Hull, whenry, Charlton_Barreto
17:44:24 [maryann]
david: there is no requirement that a policy be reduced to a policy with only one alternative
17:44:52 [maryann]
david: policies have set semantics and alternatives have bag semantics
17:45:18 [TRutt__]
17:45:20 [maryann]
chris: this is a general issue
17:45:37 [maryann]
david: i think the ambiguity is gone from the text
17:46:21 [maryann]
chris: 4552, policies are sets not bags,
17:46:57 [maryann]
chris: there's a proposal from asir, to add text
17:47:11 [maryann]
david: if that's what you want to say, yes
17:47:21 [maryann]
asir: yes that's what we want to say
17:47:53 [fsasaki]
see mail from asir
17:50:26 [maryann]
paul: the code that needs to know about different parameters is not in our hands
17:50:54 [maryann]
paul: you can't tell at intersection that they are the same
17:51:08 [monica]
17:51:22 [maryann]
davidO: in owl you can say two things are the same
17:51:57 [maryann]
david: you can tell if you have two assertions are spelled exactly the same
17:52:07 [maryann]
david: same infoset
17:52:44 [maryann]
david: doesn't mean same infoset it means same assertion
17:53:04 [maryann]
paul: what benefit do i get from eliminating duplicates?
17:54:20 [maryann]
ashok: the algorithm is that they take the alternatives and they pull out the assertions and they apply the same thing twice, like encryption
17:54:42 [asir]
17:54:56 [maryann]
david: seems like the use case doesn't give the result ( in the primer)
17:55:38 [dhull]
It seems that in most use cases it doesn't matter exactly what result comes back, just that it comes back at all
17:55:53 [maryann]
chris: we're sliding into the weeds......we could argue about whether polcies should be bags or sets of alternatives, i think it only matters that it might be simpler
17:56:06 [maryann]
chris: we have a proposal for a clarification
17:56:27 [maryann]
chris: so david, are you satisfied with that?
17:56:31 [maryann]
david: yes
17:57:07 [maryann]
david: given that the group has discussed this and said they're ok with it, then i'm ok with it
17:59:17 [TRutt__]
17:59:53 [maryann]
davido: there is still an issue around duplicates at the end of intersection
17:59:56 [cferris]
ack mon
18:00:22 [maryann]
monica: section 3.2 says that duplicates must exist
18:00:28 [maryann]
18:00:57 [cferris]
ack as
18:01:17 [maryann]
david: there is a direct testable assertion that should be in the interop tests
18:03:40 [cferris]
RESOLUTION: issue 4552 closed with text in placed in Terminology section and referenced (linked) from uses of the term as deemed appropriate by editors
18:03:44 [cferris]
rrsagent, where am i?
18:03:44 [RRSAgent]
18:05:29 [cferris]
RESOLUTION: issue 4556 is closed with proposal offered in issue description
18:05:34 [cferris]
rrsagent, where am i?
18:05:34 [RRSAgent]
18:08:47 [cferris]
If two alternatives are compatible, their intersection is an alternative
18:08:47 [cferris]
18:08:47 [cferris]
all of the occurrances of all of the assertions from each of the alternatives
18:08:47 [cferris]
(i.e., the bag
18:08:47 [cferris]
union of the two).
18:10:08 [cferris]
If two alternatives are compatible, their intersection is an alternative
18:10:08 [cferris]
18:10:08 [cferris]
all of the occurences of all of the assertions in both alternatives
18:10:08 [cferris]
(i.e., the bag
18:10:08 [cferris]
union of the two).
18:11:21 [cferris]
RESOLUTION: issue 4553 closed with the above text modifying the existing text in section 4.5
18:11:25 [cferris]
rrsagent, where am i?
18:11:25 [RRSAgent]
18:13:42 [maryann]
david: 4555- the use of ther term "intersection" was confusing , but the definitions do explain what the group means
18:13:55 [maryann]
david: i might consider "aggregation" or some other term
18:14:47 [maryann]
chris: i do think that our use of the term might introduce confusion, and would it help to have a link to see what we mean and disambiguate it from set intersection
18:14:58 [maryann]
david: some kind of softening might hlep
18:15:04 [maryann]
18:15:16 [maryann]
ashok: it would be good if we had an exact word
18:15:23 [dhull]
"pairwise bag union of compatible alternatives"
18:15:24 [maryann]
paul: give us one
18:16:40 [maryann]
paul: i'm trying to make a proposal
18:16:43 [dhull]
"Policy Intersection is an operation, analogous in some ways to set intersection ..."
18:16:55 [maryann]
paul: policy intersection does not appear in the terminology
18:17:15 [dhull]
or "analogous in some cases ..."
18:17:35 [maryann]
ashok: would it be useful to say....and yyy is used for....
18:17:42 [maryann]
paul: that's what it says in 4.5
18:18:06 [dhull]
18:18:07 [Zakim]
18:18:47 [maryann]
paul: you could introduce text and links
18:19:05 [Zakim]
18:19:27 [maryann]
paul: introduce text in a note....."the use of the term intersection does not imply set semantics:
18:20:05 [maryann]
david: you could say policy intersection analogous to set intersection in some cases....
18:20:24 [maryann]
asir: 3rd sentence in first paragraph
18:20:49 [PaulC]
Org text:
18:20:51 [PaulC]
Intersection is a commutative function that takes two policies and returns a policy.
18:20:58 [PaulC]
New text:
18:20:58 [cferris]
Policy intersection is communtative operation performed on two poilicies that yields a policy that comtains a collection of the compatible policy alternatives. (Note: while policy intersection at times is analagous with set intersection, it does not imply formal set intersection semantics)
18:21:56 [fsasaki]
18:22:06 [fsasaki]
18:22:36 [fsasaki]
18:22:41 [maryann]
david: if i had had that term i would have had fewer false assumptions
18:22:44 [cferris]
RESOLUTION: issue 4555 closed with the above definition for policy intersection added to Terminology section
18:22:48 [cferris]
rrsagent, where am i?
18:22:48 [RRSAgent]
18:25:31 [maryann]
18:25:57 [maryann]
chris: there is a proposal from asir that may allow us to close this
18:26:13 [maryann]
AI 4554
18:26:58 [fsasaki]
18:27:07 [maryann]
david's reply
18:27:45 [maryann]
david: if that is what the WG means then it should be stated
18:29:07 [maryann]
ACTION: Paul to make sure that the additional suggestions are not lost for the non-normative docs
18:29:07 [trackbot]
Sorry, amibiguous username (more than one match) - Paul
18:29:07 [trackbot]
Try using a different identifier, such as family name or username (eg. pknight, pcotton2)
18:29:39 [cferris]
RESOLUTION: issue 4554 is closed with the proposal in to change the text in the first paragraph in section 4.5
18:29:46 [cferris]
rrsagent, where am i?
18:29:46 [RRSAgent]
18:29:59 [fsasaki]
ACTION: pcotton2 to make sure that the additional suggestions are not lost for the non-normative docs related to issue 4554
18:29:59 [trackbot]
Created ACTION-300 - Make sure that the additional suggestions are not lost for the non-normative docs related to issue 4554 [on Paul Cotton - due 2007-05-30].
18:31:43 [maryann]
asir : this is the issue addressed in4561
18:32:14 [maryann]
s/this/ the last issue from David's mail/
18:33:08 [Zakim]
18:33:55 [maryann]
chris: resuming agenda item from before lunch
18:34:01 [daveo]
18:34:06 [fsasaki]
ack dh
18:34:20 [cferris]
ack daveo
18:34:39 [maryann]
TOPIC: Issue 4544: policy vocabulary, will not be applied, oh my! Chris Ferris (11:00 am ET)
18:34:53 [maryann]
DavidO- would like to explore the open world
18:35:28 [maryann]
DavidO- this proposal is close to the one called "open world"
18:35:42 [maryann]
DavidO- I've had some trouble with the terms
18:36:26 [maryann]
DavidO- so i'd like to run through this on a more complicated message exchange
18:37:06 [maryann]
DavidO- terms initiatior is this protocol or wsdl in message
18:38:16 [maryann]
taking the Open world from the text proposed from David .....must do what is intersected and that's it
18:39:01 [maryann]
ashok: open world says nothing about what you must not do
18:39:34 [maryann]
david o - you said you can't live with this
18:40:08 [maryann]
chris-- the term "optional" means that there are two alternatives, not that the behavior is optional
18:40:57 [maryann]
davido- the requestor says RM optional
18:42:06 [maryann]
chris- its a matter of being precise in the use of the optional
18:42:54 [maryann]
davido- i don't understand the stridency of your position
18:43:02 [whenry]
18:43:51 [maryann]
davido- if the client choses to do something why is this so bad?
18:45:13 [whenry]
Can the speakers speak up please?
18:47:17 [monica]
18:47:26 [maryann]
i'll ask william, sorry
18:48:45 [maryann]
chris =- i'm making a big deal because if i don't use wsp:optional and I only have alternatives, and I am able to just select things to do anyway, then it negates the value of providing explicit alternatives
18:49:01 [maryann]
davidO: under my definition that's fine
18:49:32 [maryann]
dale: why did you put Y under must not? ( to chris)
18:49:43 [maryann]
chris -- no i didn't that's david's option
18:49:59 [maryann]
paul: your point is that optional is a macro
18:50:04 [maryann]
chris: yes
18:51:29 [maryann]
paul: imagine the case you have 16 alternatives
18:51:34 [maryann]
( to david)
18:52:22 [maryann]
paul: and you get back the one that doesn't have "e" in it, are you expecting that you can go back and if you find "e" is in it you can
18:52:50 [maryann]
davidO: i think its foolish for a client to do that, but its not necessary in the spec to say that
18:53:16 [daveo]
q+ to say chris' point
18:53:23 [PaulC]
ack monica
18:53:33 [maryann]
monica: i'd like to hear from dale, because he raised these issues about open & closed
18:54:13 [maryann]
monica: there was a long dicussion in AT and they had a hard time characterizing their assertions because they didn't know how to represent it
18:54:36 [fsasaki]
18:54:51 [maryann]
davidO: i want to try to champion chris's point of view to prove that i understand it
18:55:22 [maryann]
daveO: the requestor has this policy and there might be a bunch of things that the provider does that it may or may not be able to do
18:56:03 [maryann]
daveO: in intersection, it explicitly asked whether E was a behavior to do
18:56:41 [PaulC]
ack daveo
18:56:41 [Zakim]
daveo, you wanted to say chris' point
18:56:56 [maryann]
daveO: if you add behaviors that you didn't get back in intersection then you are throwing out the value of intersection
18:57:34 [maryann]
monica: they had a conundrum and they came to a point where they only expressed what they were required to do
18:57:49 [maryann]
chris: if you can do what you want, what's the value of policy?
18:58:12 [maryann]
paul: we could define the syntax, but intersection has no value
18:58:37 [whenry]
18:58:48 [maryann]
paul: its a contract, i'm going to get your policy and this is what i'm going to do as a result of that
18:59:29 [maryann]
daveO: I want to see this under a more complicated message exchange pattern, i don't know what an entity that engages in an interaction means
18:59:47 [maryann]
paul: you're going to do that make connection to someone
19:00:14 [monica]
19:00:17 [maryann]
paul: then something comes back....its got to be going to something
19:01:15 [maryann]
chris: you already did from a reliable message connection ....from a web services perspective you already did policy intersection with paul to send them originally
19:01:39 [maryann]
chris: so you know what's going on here
19:01:50 [maryann]
chris: you are the entity engaging in that interaction
19:02:35 [maryann]
chris: conversely, asynchronously, paul;s going to send messages asynchonously and reliably
19:03:01 [maryann]
davidO- when you engage in an interaction, what do you mean?
19:03:08 [maryann]
chris: i have an endpoint
19:03:21 [maryann]
david: what about an endpoint with multiple messages
19:03:34 [maryann]
david: its the first one, that you're engaging in
19:03:46 [maryann]
chris: angels dancing on the end of a pin
19:03:58 [maryann]
chris: you want to know how do i talk to paul
19:04:09 [maryann]
chris: so you go and get his policy
19:04:21 [maryann]
davidO; how does this map to the subjects we define
19:04:38 [maryann]
paul: that's what attachment states
19:05:19 [maryann]
paul: if you have some at one subject or at another subject, that's the one you have to apply the algorithm on that subject
19:05:41 [maryann]
that why we have subject granuarlity in the policy subjects
19:06:00 [maryann]
chris: we would just like to not have subjectivity in what you can do
19:06:21 [maryann]
chris: if we say you can do a or b, we want it to be either a or be
19:06:25 [maryann]
19:06:33 [maryann]
chris: not that you can do a and b
19:06:49 [maryann]
chris: we want it to have predictability
19:07:22 [maryann]
david O --- why say in the spec MUST not
19:07:28 [maryann]
chris- it doesn't say must not
19:11:43 [maryann]
paul: is the only question about the verb
19:12:52 [whenry]
What text?
19:12:58 [maryann]
paul: straw poll, how many people can live with the text "If an initiating entity includes a policy assertion type A in its policy, and this policy assertion type A does not occur in an intersected policy, then the initiating entity does not apply the behavior implied by assertion type A. If a policy assertion type Z is not included in the policies being intersected then the intersected policy says nothing about the behavior implied by the assertion type Z
19:13:08 [maryann]
(delay for cut and paste)
19:13:14 [whenry]
only reading it now
19:13:15 [maryann]
5 can
19:13:19 [maryann]
2 cannot
19:13:59 [maryann]
19:14:25 [maryann]
"If an initiating entity includes a policy assertion type A in its policy, and this policy assertion type A does not occur in an intersected policy, then the initiating entity SHOULD not apply the behavior implied by assertion type A. If a policy assertion type Z is not included in the policies being intersected then the intersected policy says nothing about the behavior implied by the assertion type Z."
19:14:41 [whenry]
Can live with the inital text
19:15:17 [maryann]
6 can
19:15:24 [whenry]
I can live with it
19:16:27 [whenry]
Can live with should not but kinda like first one
19:16:55 [maryann]
P1 -"If an initiating entity includes a policy assertion type A in its policy, and this policy assertion type A does not occur in an intersected policy, then the initiating entity does not apply the behavior implied by assertion type A. If a policy assertion type Z is not included in the policies being intersected then the intersected policy says nothing about the behavior implied by the assertion type Z."
19:17:37 [maryann]
P2- "If an entity includes a policy assertion type A in its policy, and this policy assertion type A does not occur in an intersected policy, then the initiating entity does not apply the behavior implied by assertion type A. If a policy assertion type Z is not included in the policies being intersected then the intersected policy says nothing about the behavior implied by the assertion type Z."
19:18:08 [whenry]
+1 to P2
19:18:16 [maryann]
P3- "If an initiating entity includes a policy assertion type A in its policy, and this policy assertion type A does not occur in an intersected policy, then the initiating entity should not apply the behavior implied by assertion type A. If a policy assertion type Z is not included in the policies being intersected then the intersected policy says nothing about the behavior implied by the assertion type Z."
19:19:56 [fsasaki]
paulc: example : I have always RM in my policy. So even if I get a intersection result that has not RM in it, I will try to do it
19:20:16 [fsasaki]
TRutt: could not live with SHOULD NOT
19:21:11 [fsasaki]
ashok: wants to have a stronger word than "does not", e.g. SHOULD NOT or MUST NOT
19:22:01 [fsasaki]
paulc: ashok does not want the flexibility in the spec. dave wants the flexibility. Tom is between ashok and dave
19:22:30 [maryann]
sure i can take it back felix
19:22:58 [maryann]
paul ( to tom) why did you vote that way?
19:23:33 [maryann]
tom: can we do a vote between 3 & 4
19:23:59 [maryann]
p4 "If an entity includes a policy assertion type A in its policy, and this policy assertion type A does not occur in an intersected policy, then the initiating entity must not apply the behavior implied by assertion type A. If a policy assertion type Z is not included in the policies being intersected then the intersected policy says nothing about the behavior implied by the assertion type Z."
19:24:13 [whenry]
Are there penalties for MUST NOT? What will happen? What's the point. Even if we have a MUST NOT people are open to try the great thing is it won't work.
19:24:26 [maryann]
paul -- preference poll for 2, 3, 4
19:24:40 [maryann]
preference 2 - 0
19:24:45 [whenry]
What's 1,2,3 ?
19:24:58 [whenry]
1 does not? 2 should not? 3 Must not?
19:25:06 [maryann]
( p1, p2, p3, p4 above)
19:25:39 [maryann]
preference 3- 7 1/2 or 8
19:25:52 [maryann]
preference 4- 1
19:25:53 [whenry]
I like 2 "does not" better - let the best practices handle the shoulds
19:26:39 [maryann]
paul- strong preference for 3 and no one "can't live" with 3, so this is consensus
19:27:26 [maryann]
monica: is "entity" sufficient?
19:27:36 [maryann]
chris- i need to think about it over break
19:28:11 [maryann]
dave: i like getting rid if initiating because it gets rid of a lot of issues
19:29:01 [cferris]
from the "whiteboard": If an entity includes a policy assertion type A in its policy, and this policy assertion type A does not occur in an intersected policy, then that entity SHOULD NOT apply the behavior implied by assertion type A. If a policy assertion type Z is not included in the policies being intersected then the intersected policy says nothing about the behavior implied by the assertion type Z.
19:29:06 [cferris]
rrsagent, where am i?
19:29:06 [RRSAgent]
19:29:48 [cferris]
note, this link in the log is to the proposal that we have reached consensus on, modulo any "editorial" tweaks
19:30:02 [maryann]
asir: we need to remember that this was only one part of the original proposal
19:30:11 [cferris]
19:30:49 [Fabian]
Fabian has joined #ws-policy
19:31:04 [maryann]
19:33:58 [cferris],+Nepean,+ON,+Canada&saddr=3500+Carling+Ave,+Nepean,+ON,+Canada&f=d&sll=45.364584,-75.727365&sspn=0.007448,0.014377&ie=UTF8&z=12&om=1
19:35:01 [Zakim]
19:36:09 [Zakim]
19:37:31 [RRSAgent]
I have made the request to generate fsasaki
19:53:20 [Fabian]
Fabian has joined #ws-policy
19:57:25 [asir]
Action: Asir to close issues from David Hull
19:57:25 [trackbot]
Created ACTION-301 - Close issues from David Hull [on Asir Vedamuthu - due 2007-05-30].
19:58:46 [asir]
This includes 4552-4556
19:59:19 [maryann]
resuming after break
20:01:25 [CGI234]
CGI234 has joined #ws-policy
20:01:28 [maryann]
TOPIC: 4558 - DaveO's issues with performance
20:04:02 [maryann]
daveO- summarizing issues with wildcarding & issues with security policy
20:04:33 [maryann]
daveO- some new things emerged in the morning session if you were looking at introducing wildcarding at the provider side
20:05:10 [maryann]
daveO- there is a challenge with regard to scalability and ease of authoring
20:05:14 [cferris]
20:05:16 [TRutt__]
20:05:20 [cferris]
ack mon
20:06:03 [maryann]
ashok: i think david raised issues about the performance side, but this is a usefull semantic to express
20:06:43 [maryann]
abbie: wildcarding?
20:06:46 [maryann]
ashok: yes
20:07:53 [maryann]
tom: from ws-addressing perspective the performance issues are not there ( there's only 2) but it may be that not every assertion can use the wildcard feature and we need to think about this more, so it could be a v-next issue
20:08:02 [asir]
20:08:08 [cferris]
ack tr
20:08:19 [fsasaki]
+1 for
20:08:20 [prasad]
+1 to next version. This is not a show stopper
20:08:21 [cferris]
ack as
20:08:29 [maryann]
tom: we need to have a way to express whether or not the wildcarding holds or not
20:09:22 [maryann]
asir: we need some experience with examples, its like an application saying it does anything
20:09:47 [maryann]
asir: if you are worried about malicious behavior, you can use throttles
20:10:18 [maryann]
asir: you can have a limit on the number of alternatives
20:10:49 [maryann]
asir: overloading the existing empty will break existing implementations
20:11:03 [CGI234]
q+ to respond on breaking issue
20:11:18 [CGI234]
20:11:19 [cferris]
ack cgi
20:11:19 [Zakim]
CGI, you wanted to respond on breaking issue
20:12:14 [maryann]
davidO: in the current model i don't think wildcarding breaks implementations
20:12:26 [Fabian]
Fabian has joined #ws-policy
20:12:47 [maryann]
davidO: every spec does not assume wildcarding, they list all the options
20:12:56 [asir]
20:13:04 [maryann]
davidO- seems to me this is a compatible change
20:13:12 [cferris]
ack as
20:13:27 [maryann]
asir: i gave an example, from security policy,
20:13:37 [asir]
From the primer - In another example, WS-Security Policy defines a sp:HttpToken assertion to contain three possible nested elements, sp:HttpBasicAuthentication, sp:HttpDigestAuthentication and sp:RequireClientCertificate. When the HttpToken is used with an empty nested policy in a policy expression by a provider, it will indicate that none of the dependent behaviors namely authentication or client certificate is required. A non-anonymous client who require
20:14:13 [maryann]
daveO-poll.....should we try to fix this now?
20:14:56 [maryann]
daveO- is there anyone else who is interested in solving this now?
20:15:03 [maryann]
exploring solving?
20:15:06 [maryann]
daveO- yes
20:15:32 [maryann]
monica- if we can establish that it won't break existing implementations then we can explore it
20:15:44 [maryann]
tom- asir, it will break implmentations
20:16:07 [asir]
Bottom of Section 2.9 -
20:17:34 [maryann]
chris- ashok and dave are the only ones interested in exploring this?
20:18:06 [maryann]
daveO- if its incompatible i'm not sure i'm interested in a change
20:18:17 [maryann]
tom- if you did a new qname for wildcard
20:18:40 [maryann]
tom- this would be a global qname, so i don't see how it could be backward compatible
20:19:05 [maryann]
daveO- i believe the compatability is around assertions,
20:19:28 [maryann]
felix- it(compatability) is about implementations and assertions
20:20:16 [fsasaki]
CR requirements are about (not) breaking existing implementations, adding a new qname would be against that
20:20:29 [maryann]
chris- so we're dong interop now, and lets say we can up with a compatible solution that doesn't break the 1.5 implementations, ..this is just an exploration.....of where we are
20:20:38 [charltonb]
charltonb has joined #ws-policy
20:21:13 [maryann]
chris- we have roughly a month to cross t's dot i's in anticipation of transition to PR in June
20:21:46 [CGI234]
q+ to answer Asir's objection..
20:23:27 [dorchard]
the key is the phrase "is required".
20:24:08 [dorchard]
a non-anonymous client who requires authentication would put their restriction in httpsToken, and then get the right intersection.
20:24:41 [maryann]
chris - we have to each review these changes, deal with any test cases unresolved after this interop....let's asume we get there.....that puts us into PR in July........that requires an AC review...for a month...current course....Sept for PR... if we entertain introducing a new long would it take to work out a resolution to this?
20:24:46 [maryann]
ashok- couple of weeks
20:24:57 [maryann]
chris- then we're looking at pushing back a month
20:25:31 [maryann]
chris- it pushes us back to last call
20:26:37 [maryann]
ashok- different question....if we start PR process in June..........what will we do in July?
20:26:45 [maryann]
chris- we have primer/ guidelines
20:30:19 [dorchard]
q+ to mention when "customrs" would get wildcarding feature..
20:30:26 [dorchard]
q- CGI
20:33:48 [fsasaki]
ack do
20:33:48 [Zakim]
dorchard, you wanted to mention when "customrs" would get wildcarding feature..
20:34:03 [maryann]
daveO- it will take us 2 years to get a v-next out and my concern is that a 2 month slip is a tradeoff to a 2 year slipbecause we add it with some other features
20:34:26 [TRutt__]
20:35:01 [maryann]
chris- i'm asking does that seem fair, to have a week or two to assess and then move on
20:35:13 [maryann]
daveO- i do think we need to have a proposal on the table
20:35:51 [maryann]
chris- i'm just looking to see if people expect to leave the spec open to do this, or if we are aware of the impact to the current track
20:36:22 [maryann]
asir: implementors have spent a lot of time and it would be hard to get implementors to do anything else
20:36:25 [fsasaki]
20:36:28 [TRutt__]
I only want to change the CR namespace in the PR if there is a change necessary to fix a broken spec, the spec is not broken. The wildcard is an enhancement.
20:36:32 [Ashok]
20:36:34 [cferris]
ack tr
20:36:36 [maryann]
asir- its a myth to think it can be done in 2 months
20:36:52 [dorchard]
q+ to dispute the assertion that it's hard to get implementors to do anything else
20:37:03 [maryann]
tom- i don't want to partition the space, i hope we can do this without versioning the namespace
20:37:19 [cferris]
ack fs
20:37:22 [maryann]
tom- its not broken the way it is
20:37:40 [asir]
20:37:57 [maryann]
felix: it might also involve groups like the WS- addressing
20:38:06 [cferris]
ack ash
20:38:26 [maryann]
ashok- if what's required is that we write a proposal, then i will write one next week
20:38:47 [fsasaki]
20:38:57 [maryann]
chris- the proposal needs to have a solid backing and an understanding of how we get where we want to go
20:39:15 [maryann]
ashok: you might need to retest the intersection algorithm
20:39:47 [maryann]
chris: felix, would adding a feature trigger going back?
20:40:02 [maryann]
felix: yes that should have been done before last call
20:40:38 [maryann]
chris- not going to close the door, lets think about it tonight and look at it again tomorrow
20:41:25 [maryann]
chris: if we have to go back to last call, we'd be adding at least 3 months
20:43:02 [maryann]
chris: we would need to have a plan by June 6
20:43:40 [maryann]
felix: from my experiences and giving people more time, can start a feature creep
20:44:15 [maryann]
abie: we should assess right now whether there is interest
20:44:59 [fsasaki]
20:45:45 [cferris]
RESOLUTION: issue 4558 closed with no action as
20:45:50 [cferris]
rrsagent, where am i?
20:45:50 [RRSAgent]
20:47:08 [maryann]
TOPIC: 4561
20:48:13 [maryann]
Description: can a domain define domain-specific processing that could state
20:48:13 [maryann]
that empty nested policy IS compatible with non-empty nested policy? If so,
20:48:13 [maryann]
then I believe the spec should indicate with a MAY.
20:48:22 [cferris]
20:48:35 [charltonb]
+1 to MAY
20:50:35 [maryann]
asir: the intersection states that domains can only specify parameters intersection
20:50:57 [dorchard]
q+ to ask why closed extensibility model on domain specific affecting intersection
20:51:04 [fsasaki]
ack fsa
20:51:07 [TRutt__]
20:51:58 [maryann]
monica: there is another sentence .....that says " Because the set of bheaviors indicated tby a policy alternative, depends on the domain specific semantics of the collected assertions, determining whether two policy alternatives are compatible generally involves domain-specific processing."
20:52:43 [asir]
20:52:48 [maryann]
monica: i don't understand why we would say that they CAN NOT
20:53:35 [cferris]
ack do
20:53:35 [Zakim]
dorchard, you wanted to dispute the assertion that it's hard to get implementors to do anything else and to ask why closed extensibility model on domain specific affecting
20:53:38 [Zakim]
... intersection
20:54:02 [maryann]
daveO: i don't understand why we have this closed domain processing limit on the domain specific processing
20:54:07 [fsasaki]
20:54:37 [maryann]
daveO: i think we will do harm and prevent this item we just put off for if we do this
20:54:40 [cferris]
ack tr
20:54:49 [maryann]
asir: I was explaining what's in section 4.5
20:55:50 [maryann]
asir: to say that two assertions are compatilbe you have to match the qname and the only thing that is delegated is the assertion parameter processing
20:56:39 [cferris]
ack as
20:56:47 [cferris]
q+ ashok
20:56:48 [maryann]
asir: you need to determine if each assertion is compatible, and the key statement is that the only thing that is not covered is parameter processing
20:56:49 [dmoberg]
20:56:54 [cferris]
20:57:25 [TRutt__]
The spec should clarify that the use of domain specific intersection processing requires that it be specified with the assertion type definition, In the lack of any domain specifric processing for intersection in the definition of an assertion type, the default intersection processing applies. If the intersection processor has to have a escape table (based on qname) for assertion types wanting to pull parameters into the algorithm, it costs no more
20:57:53 [maryann]
tom: we need to clarify if they don't put domains specific rules, the framework algorithm apples
20:58:06 [asir]
20:58:20 [prasad]
It only says: "As a first approximation, an algorithm is defined herein that approximates compatibility in a domain-independent manner". That is it only a first approximation?
20:58:35 [prasad]
s/it only/it is only/
20:58:41 [dorchard]
q+ to respond to issue of domain specific processing and performance.
20:58:42 [maryann]
tom: when you pull in domain specific processing you may as well pull in everything......parameters & empty
20:58:49 [maryann]
tom: and the text is ambiguous
20:58:59 [cferris]
ack fs
20:59:18 [maryann]
felix: the spec says the alogrithm is only an approximation, and may be totally independent
20:59:30 [maryann]
felix: so I don't think it breaks
20:59:42 [cferris]
ack ash
21:00:52 [TRutt__]
21:00:53 [maryann]
ashok: asir tlaks about qnames and parameters, but what the spec says before that unless you have domain specific processing, so number one is if you have domain processing, and you can specify whatever you wish, if you don't then you fall back to the approximation
21:00:55 [cferris]
ack dm
21:01:06 [fsasaki]
21:01:28 [maryann]
dale: similar to ashok, you can't say categorically that empty can't be interpreted in a domain specific processing, then they can do that
21:01:39 [maryann]
dale: that's what the wording says to me
21:02:16 [maryann]
dale: if a domain specific algorithm is required......then you say that you don't use the approximation, right now it seem s open
21:02:46 [monica]
monica has joined #ws-policy
21:03:04 [Ashok]
21:03:08 [monica]
21:03:10 [maryann]
chris ( chair hat off)
21:03:42 [maryann]
chris: reasonable people are coming to resonably different interpretations which indicates that there is clarification needed
21:04:30 [maryann]
chris: there is no processing model for intersection, there are some steps, there is some prose, and it doesn't say explicitly whether you do domian first or second or part of the framework processing
21:05:00 [Zakim]
disconnecting the lone participant, Nortel-Ottawa, in WS_Policy(F2F)9:00AM
21:05:03 [Zakim]
WS_Policy(F2F)9:00AM has ended
21:05:05 [Zakim]
Attendees were +1.613.765.aaaa, charlton, whenry, Nortel-Ottawa, Fabian, Charlton_Barreto, Dave_Hull
21:05:12 [maryann]
chris: i think with soap we came up with a clear processing model which said, you can do it anyway you want but the behaviior has to be as if .....
21:05:17 [maryann]
anyone on the phone?
21:05:26 [cferris]
zakim, who is on the phone
21:05:26 [Zakim]
I don't understand 'who is on the phone', cferris
21:05:35 [cferris]
zakim, who is on the phone?
21:05:35 [Zakim]
apparently WS_Policy(F2F)9:00AM has ended, cferris
21:05:36 [Zakim]
On IRC I see monica, charltonb, dorchard, ArnaudM, asir, dhull, dmoberg, abbie, Ashok, charlton, TRutt__, whenry, maryann, prasad, cferris, RRSAgent, fsasaki, Zakim, trackbot
21:05:57 [maryann]
chris: we need to clear this text up
21:06:03 [RRSAgent]
I have made the request to generate fsasaki
21:06:05 [cferris]
ack as
21:06:08 [maryann]
asir: clarification is fine
21:06:27 [TRutt__]
if any spec defines an assertion type with domain specific processing, the implementation of that spec has to have a way to "overide" the default processing for that assertion qname. This can be very costly. In fact, an intersection implementation could be designed with a limitation of only doing default processing, and it would work only with policy definitions which rely on the default intersection algorithm In fact, I would ask if there are any
21:06:30 [TRutt__]
21:07:05 [maryann]
asir: section 4.5 is policy intersection
21:07:21 [maryann]
asir: everything is based on qnames
21:07:49 [maryann]
asir: the spec says what is not part of policy intersection
21:08:28 [maryann]
asir: if a domain says its not based solely on qnames then its a different algorithm
21:09:16 [maryann]
chris: how is that different?
21:09:33 [dorchard]
21:10:04 [fsasaki]
21:10:18 [maryann]
daveO: why on earth do we say the domain can say that something falls out of intersection, but not in intersection
21:11:07 [maryann]
daveO- asir, you are saying that if you go through intersection and the qname match says yes, and the domain goes through and says no .......
21:11:24 [TRutt__]
The framework should be clarified that the "domain specific" intersection is limited to processing of elements within the assertion element for a qname (i.e., only pertains to its parameters and nested assertions
21:11:33 [dorchard]
q+ beer
21:11:42 [dorchard]
q- beer
21:11:44 [dorchard]
21:11:45 [maryann]
asir: it says that in the first statement of the intersection
21:11:47 [dorchard]
q+ beer
21:12:06 [fsasaki]
+1 to TRutt
21:12:08 [fsasaki]
21:12:16 [maryann]
tom: the text does not say that anything under a qname is what is considered domain processing
21:12:18 [monica]
21:12:22 [TRutt__]
21:13:35 [maryann]
daveO; this is a performance concern....the way it works it kind of scales because once you match, then you can do a lot of other processing and you know exaclty which domain processing to kick off
21:13:37 [fsasaki]
ack do
21:14:39 [maryann]
daveO: in one case you prune the tree of things that don't match, you know you only have to go into 2 to see if there is any domain processing to override the behavior
21:15:20 [dorchard]
21:15:31 [dorchard]
q+ thaiFfood
21:15:36 [dorchard]
q- thai
21:15:40 [fsasaki]
ack moni
21:15:41 [dorchard]
q+ thaiFood
21:15:49 [fsasaki]
q+ wine
21:16:29 [TRutt__]
TRutt__ has left #ws-policy
21:16:37 [maryann]
monica: if you look at the last paragraph in 4.5 you can have more than one assertion of the same type.... lean toward davids argument to allow domains to specify compatilbility
21:17:07 [ArnaudM]
ArnaudM has left #ws-policy
21:17:24 [RRSAgent]
I have made the request to generate fsasaki
21:19:21 [fsasaki]
adjourned for today
21:19:24 [RRSAgent]
I have made the request to generate fsasaki
21:19:40 [Zakim]
'restarting to clear state'
21:20:07 [charltonb]
21:20:10 [Zakim]
restarting in 1 minute