This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.

Bug 3548 - Normalization should make empty nested policy elements
Summary: Normalization should make empty nested policy elements
Status: CLOSED INVALID
Alias: None
Product: WS-Policy
Classification: Unclassified
Component: Framework (show other bugs)
Version: FPWD
Hardware: Macintosh All
: P2 normal
Target Milestone: ---
Assignee: Frederick Hirsch
QA Contact: Web Services Policy WG QA List
URL: http://lists.w3.org/Archives/Public/p...
Whiteboard:
Keywords: needsAgreement
Depends on:
Blocks:
 
Reported: 2006-07-31 18:04 UTC by Frederick Hirsch
Modified: 2006-08-31 14:32 UTC (History)
0 users

See Also:

Attachments

Description Frederick Hirsch 2006-07-31 18:04:45 UTC 
An empty policy element should be removed upon  normalization

Justification - Need to define additional normalization step to  enable interoperability.

I initially raised this issue in WS-SX (Security Policy) [1], but it  should be addressed in WS-Policy.

The WS-SecurityPolicy spec states (at line 372) "An assertion with an  empty nested policy does not intersect with the same assertion  without nested policy."

Since both mean exactly the same thing, this opens a possibility for  policy interop issues.

<assertion /> and <assertion><policy /></assertion> should mean the  same thing. An engine should treat them as equal, and the  normalization process should account for this.

Target - WS-Policy Framework [2]

Proposal - add new section to 4.3, "Nested Policy Normalization",  with following as the text in the section:

"Any nested policy element of the form <assertion><wsp:Policy /></ assertion> will be normalized by removing the policy element,  producing <assertion /> as the normal form. An empty policy element SHOULD NOT have attributes but if it does, they will be ignored and  the element removed."

Test Case -

The intersection of the following two policy expressions should match  as true:

  <wsp:Policy
   xmlns:test="http://www.example.com/example"
   xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" >
   <test:SimpleAssertion />
  </wsp:Policy>

<wsp:Policy
   xmlns:test="http://www.example.com/example"
   xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" >
   <test:SimpleAssertion><wsp:Policy /></test:SimpleAssertion>
  </wsp:Policy>
Comment 1 Frederick Hirsch 2006-07-31 18:07:08 UTC 
From: Asir Vedamuthu <asirveda@microsoft.com> 

> An empty policy element should be
> removed upon normalization

If an assertion description allows a nested policy expression and the provider decides not to qualify this assertion with nested policy assertions, the assertion MUST include an empty Policy element [1].

> <assertion /> and <assertion><policy /></assertion> 
> should mean

This is a theoretical edge case. I am not aware of a case where an assertion description prescribes a nested policy expression and does not require a provider/requestor to use the nested policy expression.

[1]
http://dev.w3.org/cvsweb/~checkout~/2006/ws/policy/ws-policy-framework.html?content-type=text/html;%20charset=utf-8#Policy_Assertion_Nesting
Comment 2 Frederick Hirsch 2006-07-31 18:08:36 UTC 
To summarize what you said,

If an assertion is allowed to have nested policy, then it MUST have a  wsp:Policy child, always. I think this should be stated more clearly.

Thus the edge case should never occur, since the version without the  wsp:Policy child would be in error.

(see
http://lists.w3.org/Archives/Public/public-ws-policy/2006Jul/0088 )
Comment 3 Frederick Hirsch 2006-08-23 18:10:31 UTC 
This can be closed with no action, since this case should not occur with correct implementations.

Note that there is another bug report regarding general normalization clarity - 3613.
Comment 4 Frederick Hirsch 2006-08-23 22:06:44 UTC 
 See Minutes http://www.w3.org/2006/08/23-ws-policy-minutes.html