See also: IRC log
<Yakov> scribe: Yakov
<monica> note: Regrets from Fabian; wave from Java One.
<cferris> http://www.w3.org/2007/05/02-ws-policy-minutes.html
minutes approved
<cferris> RESOLUTION: minutes from 05/02 approved as posted
next week - Paul will chair
Abbie needs email addresses from the group members
Paul reminds about the F2F registration
Paul asked to send regrets
<cferris> please visit the registration page and indicate whether you will be attending or sending regrets
<TRutt__> Jacques Durand will not attend, he is the Fujitsu alternate
<cferris> please have him send regrets
Chris - F2F in Dublin - please register
<prasad> http://lists.w3.org/Archives/Public/public-ws-policy/2007May/0079.html
<cferris> the link above is the latest draft of the primer
<whenry> Priceless
Prasad: making a good progress on the Guidelines
Paul: the doc will be on the F2F agenda
Chris: ACTION-279 is in progress
Paul to resolve liaison issue
Maryann asked to move the date for AI-286
and add to the F2F agenda
<cferris> ACTION: Paul and Chris to add agendum to cover the discussion around action 286 [recorded in http://www.w3.org/2007/05/09-ws-policy-minutes.html#action01]
<trackbot> Sorry, amibiguous username (more than one match) - Paul
<trackbot> Try using a different identifier, such as family name or username (eg. pknight, pcotton2)
<fsasaki> ACTION: pcotton2 and Chris to add agendum to cover the discussion around action 286 [recorded in http://www.w3.org/2007/05/09-ws-policy-minutes.html#action02]
<trackbot> Created ACTION-296 - And Chris to add agendum to cover the discussion around action 286 [on Paul Cotton - due 2007-05-16].
AI-289: Abbie to update F2F
ACTION-290 Ashok to open an issue
<scribe> done by Ashok
Chris: ACTION-291 is done
Chris/Monica: ACTION-292 is pending
<monica> thanks dave
Chris/Asir: ACTION-293 is done
Chris asked Ashok to open an issue regarding ACTION-294
Asir: ACTION-295 is pending, will be ready for the next telcon
Bob: The concerns from WS-Addressing group have been removed
Ashok: asks about policy about empty nested policy and whether client and server can communicate
David: the answer is no but it may be a flaw in our spec
David brigns up the concern about the scalability, wild cards
Tom: clarifies the empty/intersection issue
the algorithm should be fine from the WS-Addressing perspective
Thanks Chris!
David: if the policy has restrictions, the restrictions have to be listed - and the scalability issue may be a result
Monica: need more discussion
<monica> Monica: Need to consider if we are explicit about this in the Framework. We should be explicit. If not here, in the Primer. Use Addressing as an example.
Dan: responds to Ashok about two policies'
compatibility and intersection
... explains section 3.6.1 in WS-Addressing about compatibility
Having compact form of policy expression should address the scalabilty concern
David: responds on the compact form.
Dave's concern is verboseness of the nested case
Monica: brings up the domain specific processing
Paul: Is this AI 286?
Maryann: to extend the AI 286 to accomodate the Monica's proposal.
Monica: do we need to update the Framework
about the non-matching case
... there is a confusion about the intersection.
Chris: should the Ashok's example be added to the list of expamples?
<monica> thanks asir
<cferris> ACTION: Asir to provide an proposal that adds an example to 4.5 Policy Intersection that calls out the non-matching case from Ashok's email [recorded in http://www.w3.org/2007/05/09-ws-policy-minutes.html#action03]
<trackbot> Created ACTION-297 - Provide an proposal that adds an example to 4.5 Policy Intersection that calls out the non-matching case from Ashok\'s email [on Asir Vedamuthu - due 2007-05-16].
Paul: is there anybody with the proposal?
Chris: asks people to bring up concerns whether the proposal is sufficient
Paul: asks David to open an issue about potential scalability problem
<cferris> ACTION: David to open an issue related to the scalability of intersection in the face of nested policy [recorded in http://www.w3.org/2007/05/09-ws-policy-minutes.html#action04]
<trackbot> Created ACTION-298 - Open an issue related to the scalability of intersection in the face of nested policy [on David Orchard - due 2007-05-16].
I actually see Bob in the users list
<cferris> http://lists.w3.org/Archives/Public/public-ws-policy/2007May/0055.html
<toufic> i apologise but i have to get off the call
<toufic> but i have to moderate a panel
<toufic> and tony is a panelist, so i'll ask him about the F2F
<toufic> bye
<whenry> Regrets I must drop off too.
<scribe> scribe: Yakov
<GlenD> What Chris is saying seems fine WRT behaviors that introduce a /requirement/ on an interaction. For behaviors that simply add extra functionality or introduce options, I don't see a problem with them being active even though they aren't explicitly called out in an assertion.
<fsasaki> scribe: fsasaki
<paulc> Chris's proposal: [Definition: A policy alternative is a potentially empty collection of policy assertions.] An alternative with zero assertions indicates no behaviors. An alternative with one or more assertions indicates behaviors implied by those, and only those assertions. No other behaviors are to be applied for the alternative.
paulc: is this the text of cferris proposal?
<paulc> Chris's proposal also includes the markup in the attachment to his email.
<asir> +1 to chris
chris: yes. It only covers the framework
<paulc> Chris's proposal also requires changes to the other specs.
<GlenD> I don't like the idea that someone can complain that I'm not being a good policy citizen if I throw an optional (non-MU) SOAP header in a message I send.
<Zakim> dorchard, you wanted to say what I think positions are, and what pros/cons of each are.
<daveroth> it looks like WS-Policy attachment doesn't use vocabulary terms at all
dorchard: chris is favoring one position. I want to understand what the positions are
<paulc> Chris's proposal is in http://lists.w3.org/Archives/Public/public-ws-policy/2007May/0055.html
dorchard: I see three positions, I posted a mail a while ago
<monica> http://lists.w3.org/Archives/Public/public-ws-policy/2007May/0085.html
(mail from david with the positions)
<daveroth> Please note my response to Dave's summary in message 85
<daveroth> http://lists.w3.org/Archives/Public/public-ws-policy/2007May/0086.html
[AIN Vocabulary flavour: Any assertion not in a vocabulary should not be
applied (Original chris proposal)
AIN Closed favour: Any assertion not in an alternative should not be
applied (revised chris proposal)
AIN Removal: Any assertion not in alternative means nothing. It may or
may not be applied.]
<paulc> 1. AIN Vocabulary flavour: Any assertion not in a vocabulary should not be
<paulc> 2. AIN Closed favour: Any assertion not in an alternative should not be
<paulc> 2. AIN Closed favour: Any assertion not in an alternative should not be applied (revised chris proposal)
<paulc> 3. AIN Removal: Any assertion not in alternative means nothing. It may or may not be applied.
<paulc> David is asking if the three above items are the three choices.
<paulc> 1. AIN Vocabulary flavour: Any assertion not in a vocabulary should not be applied (Original chris proposal) 2. AIN Closed favour: Any assertion not in an alternative should not be applied (revised chris proposal) 3. AIN Removal: Any assertion not in alternative means nothing. It may or may not be applied.
paul: who in the WG has proposed no 3? question to dave
dave: I think Ashok, Fabian, Dale
... I seem to see some support of removal of AIN removal
<GlenD> I would support the WG seriously considering removing AIN.
<asir> Dave's characterization of position 2 AIN closed flavor is INCORRECT
<monica> asir please get on the queue
dave: the AIN closed flavor has a downside in composition cases like rsp / rm
ashok: I said that I want the third option and that I liked Monicas wording
see http://lists.w3.org/Archives/Public/public-ws-policy/2007May/0083.html
paul: is your mail message 83?
monica: yes
ashok: talked to our product guys, they said they want the third option
<paulc> Glen - are you going to be in Ottawa?
frederick: brief comment, no mail associated:
<GlenD> Paul - It does not look like it, unfortunately :(
<asir> Ashok mentioned a proposal from Monica .. can't see it in the archive tho
<paulc> Glen: can you then submit your regrets via the registration system?
<GlenD> Absolutely, Paul.
<monica> http://lists.w3.org/Archives/Public/public-ws-policy/2007May/0057.html
<fjh> two concerns:
frederick: you could do rm using a policy, and security using no policy. We cannot say everything about behaviors
<fjh> first: statement "no other behaviours to be applied" may be too broad. What if you have policy that only specfies RM. Someday later add Message security without updating policy.
<fjh> Why not possible. Shouldn't additional behavours out of policy be possible?
<GlenD> Yes, IMO
<paulc> Using David O's 3 choices. The following is Monica's text for #3:
<paulc> "When a policy assertion is absent from a policy vocabulary (See section 3.2, Web Services Policy 1.5 - Framework), a policy-aware client should not conclude anything (other than ‘no claims’) about the absence of that policy assertion."
<fjh> 2nd concern: without access to provider policy, but only intersected policy, how can negation be known or understood. Better to say what mean?
<GlenD> ESPECIALLY ones that don't cause any required behaviour
<dmoberg> http://lists.w3.org/Archives/Public/public-ws-policy/2007May/0105.html
<monica> monica
dale: I talked in my mail interoperability
concerns mentioned by chris
... I think we should have meaning explanations of policy assertions in the
guidelines, but not in the framework
... a general statement in the framework is confusing
<Zakim> cferris, you wanted to respond to daveo's point about the rsp assertion and rm assertion
chris: about rsp / rm concerns by dave
... the language I proposed does not talk about assertions, but behaviours
<asir> +1 to Chris comment about behaviors (and not assertions
<daveroth> +1 to Chris
chris: the alternative says what something means
<GlenD> and what happens when a policy goes stale?
<cferris> how does a policy go stale?
chris: if policy provides only hints, what is the point?
<GlenD> metadata is necessarily "just a hint" and trying to imply otherwise is davegerous
<monica> See: An alternative with zero assertions indicates no behaviors. An alternative with one or more assertions indicates behaviors implied by those, and only those assertions.
dave: if you talk about behavior instead of assertions, the same concerns come up
<GlenD> it goes stale because the client pulled it over and cached it, and you've moved on and added a new optional behavior
<monica> see text from Framework
<monica> ee above
<monica> c/ee above/see above
asir: want to support chris description
<asir> http://lists.w3.org/Archives/Public/public-ws-policy/2007May/0086.html
asir: mail above shows differentiation between behavior and assertions
dave: not talking about absent assertions, but
behaviors, makes everything clearer
... the "no claims" proposal: agree with chris, it leaves the door open for
problems
<monica> See Section 3.2
<monica> An alternative with zero assertions indicates no behaviors. An alternative with one or more assertions indicates behaviors implied by those, and only those assertions.
monica: confused by separating behaviors and
assertions
... to me this definitions conflicts with the proposal from chris
<asir> don't think anyone asked to change the definition
<Zakim> dorchard, you wanted to solicit problems with all scenarios..
monica: currently it does not get closer to resolving this issue
dave: ashok, glen and others came up with clear
positions which need to be addressed to come to a WG position
... frustrated by the differentation between assertion and behavior
<monica> +1
<GlenD> assertions are statements ABOUT behaviors, no?
<GlenD> isn't it that simple?
dave: there's two positions: AIN about
assertions, vs. AIN about behavior. Still confused
... need maybe another round of proposals.
paul: what are your key questions to be answered?
dave: don't know them, that is the point
frederick: thanks dave for a clear
explanation
... does chris proposal mean that we don't talk not about negation anymore,
or is there a different kind of negation?
<Zakim> cferris, you wanted to respond to Monica's concern regarding the differentiation of assertion type and behavior
<monica> 1+
dan: no negation tied to a negation type, it just says "I do what I say, nothing else"
<cferris> A policy assertion identifies a behavior that is a requirement or capability of a policy subject.
chris: response to monicas concerns
<GlenD> "I do what I say" necessarily means "I do what *this policy* at *this moment in time* says."
chris: definition of policy assertion meant by
monica: seems to be clear to me
... I can have several assertions that can say the say thing, like "do
reliable messaging"
... policy is making a statement "this is what I know".
... if we leave policy "makes no claims", what is the point of it?
dan: about the difference between behavior and
assertions
... we have done ws security, rm etc.
... we have these protocols you can implement, but a requester without
metadata does not know which one to use
... that is there policy and assertions come in
... you describe the behaviors using an assertions. These are separate
things: the metadata and the behavior you do
... with the latest proposal from chris, you don't have to think about
assertion types anymore
monica: we are talking about assertion types. We need text which makes this cleare
paul: was dan's explanation helpful?
monica: yes, but it does not resolve the issue
<cferris> in my latest proposal, there is NO MENTION of assertion types in the text I added
dale: chris and dans explanations help with
what policy should do
... that is information which you should put into policy guidelines.
<fjh> explanations are helpful, thank you. Improvement not to have to look at other assertion types elsewhere.
<GlenD> +1 Dale
dale: the current proposal does not add clarification but rather confusion
ashok: question: I have one assertion which says "I do x". Can I do Y?
Dan: does x include the behavior of y?
ashok: no
Dan: so you cannot do y
... if y and x are independent, you have no idea how they interrelate
<GlenD> ...even if Y is a behavior that introduces no requirements? -1.
Dan: absence as assertion type created the confusion.
ashok: so you can do negation?
dan: yes, but it is not bound to an assertion
type
... I don't need to look at all assertion types in the world
<monica> A policy alternative MAY contain multiple assertions of the same type.
monica: above is from sec. 3.2
... if we allow these type things we need to be able to differentiate
... what if there is multiple assertions? What do you do?
<Zakim> dorchard, you wanted to talk about difference between sufficent and completeness
monica: chris made a differentiation to be explicit about what it means, and we are conflicted about what it means
<GlenD> "sufficient information to obtain interoperability"!!!!!
<GlenD> +1 Dave
dave: there may be two bars about information
disclosure by the provider
... listing all assertions (completeness, also optional ones) or sufficient
ones for interoperability
... don't like the characterization: if you don't have AIN, you don't have
interoperability
... do we need to be sufficient and complete, or just sufficient
chris: I'm confused: don't understand: what is
not clear about the difference between assertion type and behavior
... think of two pointers (the assertions) pointing to the same thing (the
behavior)
<GlenD> That sounds like a required behavior, Chris.
chris: we don't want it to be incomplete, it should be a tool for interop between endpoints
maryann: follow up on what chris is saying
... whould it be helpful to have a statement in the policy intersection
section
... sec. 4.5, after last bullet on compatibility processing. In the lines of
what dave said
<dorchard> chris, you are missing my point that there's a difference between sufficient to talk to the endpoint or completely described how can talk to the endpoint
maryann: to say that you should apply the behavior
monica: answer to chris: about the assertion vs. behavior difference
<dorchard> And I really think there is consensus that sufficient is a goal of the WG.
monica: maybe there is an opportunity to put
s.t. in the intersection section (proposal by maryann)
... two different policy assertions might map back to the same assertion
type
<asir> I agree with Maryann that the case explained by Monica is covered
<monica> implicit
dan: the IBM proposal has nothing about
enforcement
... the policy framework can't keep you from lying, interop just suffers.
Proposal does not change that
... the proposal only helps to read the behavior
dave: point I made earlier: I think there is
consensus in the WG that the policy provided by a provider must be sufficient
to the client
... people who want to remove AIN say the things which are optional may not
be described
asir: optional is a marker not existing at the
data model level
... in the data model, you have two alternatives
<paulc> 1. AIN Vocabulary flavour: Any assertion not in a vocabulary should not be applied (Original chris proposal) 2. AIN Closed favour: Any assertion not in an alternative should not be applied (revised chris proposal) 3. AIN Removal: Any assertion not in alternative means nothing. It may or may not be applied.
paul: heard no preference for 1, several for 2
or 3
... have no heard from anyone: which can people live with?
<asir> for the record the second flavor doesn't capture the revised Chris proposal
<asir> correctly
<bob> Can WS-Policy agree with our response to the WS-Policy issue?
paul: I don't think this discussion has nothing
to do with the ws addressing discussion
... policy WG has never responded to the addressing WG, it's agenda item
10a
<cferris> http://lists.w3.org/Archives/Public/public-ws-policy/2007May/0060.html
<paulc> WS-A response reply: http://lists.w3.org/Archives/Public/public-ws-policy/2007May/0060.html
paul: dan wrote a reply that he is happy with
the ws addressing proposal
... bob is asking if we can reply back and say "addressing has done the right
thing"?
monica: don't object, only one point about formulation related to wsp:Optional
<bob> thank you
paul: you can make a LC comment, if you are ok now with the general solution
<cferris> ACTION: Chris to respond to WS-A regarding the WS-P WG feedback on their Metadata spec [recorded in http://www.w3.org/2007/05/09-ws-policy-minutes.html#action05]
<trackbot> Created ACTION-299 - Respond to WS-A regarding the WS-P WG feedback on their Metadata spec [on Christopher Ferris - due 2007-05-16].
paul: if everybody is fine, we can go to ws addressing wg with our OK
monica: we should look at the comments from ws addressing and other domains for the framework
chris: for the record, IBM cannot live with "no claim"
paul: adjourned
[NEW] ACTION: Asir to provide an
proposal that adds an example to 4.5 Policy Intersection that calls out the
non-matching case from Ashok's email [recorded in http://www.w3.org/2007/05/09-ws-policy-minutes.html#action03]
[NEW] ACTION: Chris to respond to WS-A
regarding the WS-P WG feedback on their Metadata spec [recorded in http://www.w3.org/2007/05/09-ws-policy-minutes.html#action05]
[NEW] ACTION: David to open an issue
related to the scalability of intersection in the face of nested policy
[recorded in http://www.w3.org/2007/05/09-ws-policy-minutes.html#action04]
[NEW] ACTION: pcotton2 and Chris to add
agendum to cover the discussion around action 286 [recorded in http://www.w3.org/2007/05/09-ws-policy-minutes.html#action02]
[End of minutes]