This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.

Bug 3672 - Clarify the policy model for Web Services
Summary: Clarify the policy model for Web Services
Alias: None
Product: WS-Policy
Classification: Unclassified
Component: Framework (show other bugs)
Version: FPWD
Hardware: All other
: P2 normal
Target Milestone: ---
Assignee: Yakov Sverdlov
QA Contact: Web Services Policy WG QA List
Depends on:
Reported: 2006-09-08 01:03 UTC by Yakov Sverdlov
Modified: 2006-09-19 15:21 UTC (History)
0 users

See Also:


Description Yakov Sverdlov 2006-09-08 01:03:57 UTC
I think it makes sense to decouple the policy model for web services in section 3.4 from the requester/provider paradigm and to describe the model in terms of entities in a Web services-based system. Lets look at the traditional stock trading use case for the authorization domain, i.e. a client application sends a trade request to a web service.

There may be the following entities (with associated distinct policies/subjects) involved in this interaction: requester application; requester device (wireless PDA, cell phone), on which the application is running; and web service provider (application). Any component of Web infrastructure (WAP gateway, web server, application server, etc) may also be considered an entity in this interaction and may have an authorization policy  for example, Do not accept a trade order with the amount of more than $1M if the order comes through WAP. The same may apply to the policy processor itself with the policy specifying something like Only policies starting from the WS-Policy version 1.6 are accepted

It is my understanding that, in this particular example, at least five policies for the same policy domain will have to be evaluated. It is also my understanding that these polices may be attached to different policy subjects: requester app or message; requester device; message; Web infrastructure component; and WS-Policy version; respectively.

In my opinion, the policy model in the section 3.4 should describe such actions, as conveying the conditions, using the policy, choosing an alternative, policy assertion support, etc, in regard to an entity in a Web services-based system instead of binding these actions to a requester or provider.

The proposal is intended to address the following discrepancies/issues:
1.	The title does not correctly reflect the content of the section
2.	The model should be presented in a slightly more abstract form to better fit with the potential Framework use cases.
3.	The use case, which is described in the section, should not be presented as typical.

WS-Policy Framework, 3.4 Web Services
The proposal includes the following changes:

1. Change the section 3.4 title from Web Services to Policies of Entities in a Web services-based system

2. Modify the text of section 3.4. 

I dont have the actual text for the proposed change. 

The first paragraph may begin as:

 Applied in the Web services model, policy is used to convey conditions on an interaction between entities in a Web services-based system (requester, provider, Web infrastructure component, etc). Typically, an entity in a Web services-based system exposes a policy to convey conditions under which it functions

The requester/provider scenario should be present in the section almost as is to illustrate one of the possible use cases.