3548 2006-07-31 18:04:45 +0000 Normalization should make empty nested policy elements 2006-08-31 14:32:24 +0000 1 1 1 Unclassified WS-Policy Framework FPWD Macintosh All CLOSED INVALID http://lists.w3.org/Archives/Public/public-ws-policy/2006Jul/0013 needsAgreement P2 normal --- 1 w3c w3c public-ws-policy-qa oldest_to_newest 10891 0 w3c 2006-07-31 18:04:45 +0000 An empty policy element should be removed upon normalization Justification - Need to define additional normalization step to enable interoperability. I initially raised this issue in WS-SX (Security Policy) [1], but it should be addressed in WS-Policy. The WS-SecurityPolicy spec states (at line 372) "An assertion with an empty nested policy does not intersect with the same assertion without nested policy." Since both mean exactly the same thing, this opens a possibility for policy interop issues. <assertion /> and <assertion><policy /></assertion> should mean the same thing. An engine should treat them as equal, and the normalization process should account for this. Target - WS-Policy Framework [2] Proposal - add new section to 4.3, "Nested Policy Normalization", with following as the text in the section: "Any nested policy element of the form <assertion><wsp:Policy /></ assertion> will be normalized by removing the policy element, producing <assertion /> as the normal form. An empty policy element SHOULD NOT have attributes but if it does, they will be ignored and the element removed." Test Case - The intersection of the following two policy expressions should match as true: <wsp:Policy xmlns:test="http://www.example.com/example" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" > <test:SimpleAssertion /> </wsp:Policy> <wsp:Policy xmlns:test="http://www.example.com/example" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" > <test:SimpleAssertion><wsp:Policy /></test:SimpleAssertion> </wsp:Policy> 10892 1 w3c 2006-07-31 18:07:08 +0000 From: Asir Vedamuthu <asirveda@microsoft.com> > An empty policy element should be > removed upon normalization If an assertion description allows a nested policy expression and the provider decides not to qualify this assertion with nested policy assertions, the assertion MUST include an empty Policy element [1]. > <assertion /> and <assertion><policy /></assertion> > should mean This is a theoretical edge case. I am not aware of a case where an assertion description prescribes a nested policy expression and does not require a provider/requestor to use the nested policy expression. [1] http://dev.w3.org/cvsweb/~checkout~/2006/ws/policy/ws-policy-framework.html?content-type=text/html;%20charset=utf-8#Policy_Assertion_Nesting 10893 2 w3c 2006-07-31 18:08:36 +0000 To summarize what you said, If an assertion is allowed to have nested policy, then it MUST have a wsp:Policy child, always. I think this should be stated more clearly. Thus the edge case should never occur, since the version without the wsp:Policy child would be in error. (see http://lists.w3.org/Archives/Public/public-ws-policy/2006Jul/0088 ) 11253 3 w3c 2006-08-23 18:10:31 +0000 This can be closed with no action, since this case should not occur with correct implementations. Note that there is another bug report regarding general normalization clarity - 3613. 11254 4 w3c 2006-08-23 22:06:44 +0000 See Minutes http://www.w3.org/2006/08/23-ws-policy-minutes.html