Last Modified: $Date: 2007/05/21 01:54:33 $
The WS-Policy specification defines a policy to be a collection
of policy alternatives with each policy alternative a
collection of policy assertions. The Web Services Policy 1.5 - Framework provides a flexible framework to
represent
consistent combinations of behaviors from a variety of domains.
A policy assertion is a machine readable metadata expression that
identifies behaviors required for Web services interactions.
WS-Policy Assertions communicate the requirements and capabilities of a web service by adhering to the specification, WS-Policy Framework. To enable interoperability of web services different sets of WS-Policy Assertions need to be defined by different communities based upon domain-specific requirements of the web service.
The focus of these guidelines is to capture best practices and usage patterns for practitioners. It is a complementary guide to the Framework and Attachments specifications and the Primer. It is intended to provide non-normative guidelines for WS-Policy Assertion Authors who need to know the features of the language and understand the requirements for describing policy assertions. Some of the guidance for WS-Policy Assertion Authors can also be helpful for:
WS-Policy expression authors who need to understand the syntax of the language and understand how to build consistent policy expressions
Consumers of policy expressions who need to understand the requirements contained in policy assertions
Providers of policy expressions who need to understand how to use the assertions authored by Assertion Authors
This document assumes a basic understanding of XML, Namespaces in XML, WSDL, SOAP and the Web Services Policy language.
This is a non-normative document and does
not provide a definitive specification of the Web Services
Policy framework.
As a companion document to the primer, this document also follows the Socratic style of beginning with a question, and then answering the question.
An assertion is a piece of metadata that describes a capability related to a specific WS-Policy domain. Sets of domain-specific assertions are typically defined in a dedicated specification that describes their semantics, applicability and scoping requirements as well as their data type definition using XML Schema.
Policy assertions representing shared and visible behaviors are useful pieces of metadata to enable interoperability and tooling for automation. The key to understanding when to design policy assertions is to have clarity on the characteristics of a behavior represented by a policy assertion. Some useful ways to discover relevant behaviors are to ask questions like the following:
Is this behavior a requirement?
Is the behavior visible?
A visible behavior refers to a requirement that manifests itself on the wire. Web services provide interoperable machine-to-machine interaction among disparate systems. Web service interoperability is the capability of disparate systems to exchange data using common data formats and protocols supporting characteristics such as messaging, security, reliability and transaction. Such data formats and protocols manifest on the wire. Providers and requesters rely on wire messages conforming to such formats and protocols to achieve interoperability.
If an assertion describes a behavior that does not manifest on the wire then the assertion will not impact the interoperability of wire messages, but may still be relevant to enabling an interoperable interaction. For example, a provider may not wish to interact unless a client can accept an assertion describing provider behavior. An example is an assertion that describes the privacy notice information of a provider and the associated regulatory safeguard in place on the provider's side. For cases where the provider does not intend the assertion to impact interoperability it may mark it as ignorable.
If an assertion has no wire or message-level visible behavior then the interacting participants may require some sort of additional mechanism to indicate compliance with the assertion and to enable dispute resolution. Introducing an additional non-repudiation mechanism adds unnecessary complexity to processing a policy assertion.
Does the behavior apply to two or more Web service participants?
A shared behavior refers to a requirement that is relevant to an interoperable Web service interaction and involves two or more participants. If an assertion only describes one participant's behavior the assertion may still be relevant to enabling an interoperable interaction. An example is the use of logging or auditing by the provider. If an assertion only describes one participant's behavior then the assertion may be marked as ignorable (indicating it does not impact interoperability). An ignorable policy assertion is ignored for lax policy intersection. If an assertion is not an ignorable assertion then it is deemed important for agreement between both parties.
Does the behavior have an implied scoping to a policy subject such as service, endpoint, operation and message?
Is there a requirement that a choice must be made for successful interaction?
Sometimes providers and requesters are required to engage in certain behaviors. The use of optimization and reliable messaging are two examples.
There are already many examples in the industry that adhere to the above practices, such as
Specify both the syntax and the semantics of the assertions
If nested or parameterized assertions are defined, be clear about their usage
Describe the policy subjects the assertions can be attached to.
In this document we will explain why these practices should be followed so that the assertion developers defining such a specification will be well informed and able to adequately specify assertions for their domain.
It is expected that consumers of the metadata specified by the Assertion Authors will also benefit from understanding these practices as it will help them utilize the assertions in the context of the WS-Policy framework. A result of following the best practices will be an assertion specification that describes a contract for the consumers and providers of the capabilities and constraints of the domain.
In order for the policy framework to enable communities to express their own domain knowledge, it is necessary to provide basic functionality that all domains could exploit and then allow points of extension where authors of the various WS-Policy assertions for a particular domain can provide additional semantics.
Some policy assertions specify traditional requirements and capabilities that will ultimately manifest on the wire (e.g., authentication scheme, transport protocol selection). Other policy assertions have no wire manifestation yet are critical to proper service selection and usage (e.g., privacy policy, QoS characteristics). WS-Policy provides a single policy grammar to allow both kinds of assertions to be reasoned about in a consistent manner.
Below we capture some of the characteristics of the roles and responsibilities for the authors, consumers and providers.
Assertion Authors are a community that chooses to exploit the WS-Policy Framework by creating their own specification to define a set of assertions that express the capabilities and constraints of that target domain. The WS-Policy Framework is based on a declarative model, meaning that it is incumbent on the Assertion Authors to define both the semantics of the assertions as well as the scope of their target domain in their specification. The set of metadata for any particular domain will vary in the granularity of assertion specification required. It is the intent of this document to help communities utilize the framework in such a way that multiple WS-Policy domains can co-exist and consumers and providers can utilize the framework consistently across domains.
When using the WS-Policy Framework, any Assertion Authors defining new WS-Policy assertions must adhere to the MUST's and SHOULD's in the specification and should review the conformance section of the specification.
An assertion author should also specify a policy subject. For instance, if a policy assertion were to be used with WSDL, an assertion description should specify a WSDL policy subject.
An example of a domain specification that follows these practices is the WS-SecurityPolicy
specification [
An example of scoping individual assertions to policy subjects is also provided by the WS-Security Policy specification in Appendix A.
A consumer of WS-Policy
Assertions can be any entity that is capable of parsing a
WS-Policy XML element and selecting one alternative from the
policy. This selected alternative is then used to govern the creation of a message
to send to the subject to which the policy alternative was
attached. The WS-Policy Attachment specification defines a
set of attachment models for use with common web service
subjects: WSDL definitions [
In the degenerate case, a human could read the XML and determine if a message could be constructed conformant to the advertised policy.
It is expected that consumers of WS-Policy will include a wide range of client configurations, from stand alone client applications to "active" web service requesters that are capable of adapting to the constraints and capabilities expressed in a WS-Policy document and modifying their own configurations dynamically.
A provider who expresses capabilities and requirements of a Web service
as policies can be any web service implementation that can
specify its on-the-wire message behavior as a policy
expression that conforms to the Web Services Policy 1.5 - Framework [
When deploying services with policies it is useful for providers to anticipate how
to evolve their services capabilities over time. If
forward compatibility is a concern in order to accommodate
compatibility with different and potentially new clients,
providers should refer to
As Assertion Authors begin the task of inventing XML dialects to represent policy assertions they can take advantage of WS-Policy building on XML principles and XML Schema validation in their design. WS-Policy relies on the QName of a policy assertion being an XML element but allows Assertion Authors to optionally provide additional semantics through nesting assertions, or specifying assertion parameters. This section covers several aspects of assertion design and provides some answers to the following questions:
What is the intended use of the policy assertion?
Which authoring style will be used?
Is this a new policy domain? Does it need to compose with other domains?
How complex are the assertions?
Is there a need to consider nesting?
Do optional behaviors need to be represented?
Assertion Authors
Assertions can be simple or they can be complex. Assertion Authors may choose to specify multiple peer assertions, each carrying the semantic of a particular behavior, or they may choose to specify assertions that contains assertion parameters and/or nested policy expression (nested assertions), each of which relate to an aspect of the behavior, yet encapsulated within a single assertion. There are advantages to simplifying the set of assertions. The ultimate goal of policy is to enable interoperability. By keeping assertion design as simple as possible, Assertion Authors will more likely be able to meet that objective.
The WS-Policy Attachment specification defines a number of different
policy subjects to which an assertion can be attached. For attaching to
WSDL subjects see
Best practice: Assertion Authors should include the following items in an assertion specification:
WS-Policy supports two different authoring styles, compact form and normal form. A compact form is one in which an expression consists of three constructs: an attribute to decorate an assertion (to indicate whether it is required or optional), semantics for recursively nested policy operators, and a policy reference/inclusion mechanism. A policy expression in the compact form can be translated into its normal form using the policy normalization algorithm described in the Web Service Policy Framework (see section 4.3 Compact Policy Expression).
wsp:optional
When creating a new policy domain, it is important to understand how policy expressions are used by a framework implementation that has followed the specifications.
The examples given in this document reference WS-Policy like WS-SecurityPolicy and WS-RM Policy. These policy expressions represent web services message exchange requirements, but policy authoring can be done by individual groups that wish to represent web services application requirements and deployments that wish to reuse the WS-Policy framework in order to enable dynamic negotiation of business requirements and capabilities at runtime.
New Assertion Authors are encouraged to try to not overload assertions. A single assertion indicates a single behavior. Sets of assertions can by grouped by an operator "all". This indicates that there is a relationship between the assertions and they now constitute a policy alternative.
If grouping is utilized, choices between alternatives can be indicated by an "exactly one" operator. This basic set of operators allows Assertion Authors a wide range of options for expressing the possible combinations of assertions within their domain.
It requires a good deal of effort to evaluate the
capabilities of a domain and capture them in a way that
reflects the options of the domain if the domain has a lot of
assertions to define. Interoperability testing of new policy
domains is recommended to ensure that consumers and providers
are able to use the new domain assertions.
Web Services Policy language allows Assertion Authors to invent
their own XML dialects to represent policy assertions. The policy language relies only
on the policy assertion XML element QName. This QName is unique and identifies the
behavior represented by a policy assertion. Assertion Authors have the option to
represent an assertion parameter as a child element (by leveraging natural XML nesting)
or an attribute of an assertion. The general guidelines on when to use XML elements
versus attributes
The syntax of an assertion can be represented using an XML outline (plus an XML schema
document). If the assertion has a nested policy expression then the assertion XML
outline can enumerate the nested assertions that are allowed.
WS-Policy is intended to communicate the requirements, capabilities and behaviors of nodes that provide the message's path, not specifically to declare properties of the message semantics. One of the advantages of Web services is that an XML message can be stored and later examined (e.g. as a record of a business transaction) or interpreted by an intermediary; however, if information that is necessary to understand a message is not available, these capabilities suffer.
Policy assertions should not be used to express the semantics of a message. Rather, if a property is
required to understand a message, it should be communicated in the message, or be made available by some other means (e.g., being
referenced by a URI in the message) instead of being communicated as a policy element.
Note that there are other specifications that target specification of semantics of a message, such as
When considering the creation of a
new domain of policy assertions, it is important to identify
whether or not the domain is self-contained or at least if a
subset of the domain can be well defined. A domain that
expresses a broad set of capabilities will also need to have
The model advocated for new assertion development is a cooperative marketplace [some might say it is an "opt-in" model]. The providers of services need to find value in the set of assertions or they will not include the assertions in their service descriptions.
There are two different ways to provide additional information in an assertion beyond its type. We cover these two cases below followed by a comparison of these approaches targeting when to use either of the approach.
In the example below, sp:Body and sp:Header
elements are the two assertion parameters of the
sp:SignedParts policy assertion
(this assertion requires the parts of a message to be protected).
policy intersection.
The framework provides the ability to "nest" policy assertions. For domains with a complex set of options, nesting provides one way to indicate dependent elements within a behavior. The granularity of assertions is determined by the authors and it is recommended that care be taken when defining nested policies to ensure that the options provided appropriately specify policy alternatives within a specific behavior.
We will use the WS-SecurityPolicy to illustrate the use of nested assertions.
Securing messages is a complex usage scenario. The WS-SecurityPolicy Assertion Authors have defined the
sp:TransportBinding policy assertion to indicate
the use of transport-level security for protecting
messages. Just indicating the use of transport-level security
for protecting messages is not sufficient. To successfully
interact with a Web service, the consumer must know not only
that transport-level security is required, but also the
transport token to use, the secure transport to use, the
algorithm suite to use for performing cryptographic
operations, etc. The sp:TransportBinding policy
assertion can represent these dependent behaviors.
A policy assertion like the sp:TransportBinding
identifies a visible behavior that is a requirement. A nested
policy expression can be used to enumerate the dependent
behaviors on the Transport binding. A nested policy expression
is a policy expression that is a child element of another
policy assertion element. A nested policy expression further
qualifies the behavior of its parent policy assertion.
In the example below, the child Policy element is a nested
policy expression and further qualifies the behavior of the
sp:TransportBinding policy assertion. The
sp:TransportToken is a nested policy assertion of
the sp:TransportBinding policy assertion. The
sp:TransportToken assertion requires the use of a
specific transport token and further qualifies the behavior of
the sp:TransportBinding policy assertion (which
already requires the use of transport-level security for
protecting messages).
The sp:AlgorithmSuite is a nested policy assertion of
the sp:TransportBinding policy assertion. The sp:AlgorithmSuite
assertion requires the use of the algorithm suite identified by its nested policy
assertion (sp:Basic256Rsa15
sp:TransportBinding policy assertion.
Setting aside the details of using transport-level security, a policy-aware client that recognizes this policy assertion can engage transport-level security and its dependent behaviors automatically. This means the complexity of security usage is absorbed by a policy-aware client and hidden from Web service application developers.
Assertion authors should note the effect of nested policy expressions on policy intersection in their nested policy design. The result of intersecting an assertion that contains an empty nested policy expression with an assertion of the same type without a nested policy expression is that the assertions are not compatible. Therefore, when providers require dependent behaviors these behaviors should be explicitly specified as assertions in a nested policy expression. When the definition of an assertion allows for nested dependent behaviors, but the use of the assertion only contains an empty nested policy expression, this specific use indicates the specification of no nested dependent behaviors. This use must not be interpreted as being compatible with "any" of the nested dependent behaviors that are allowed by the assertion, unless otherwise specified by the assertion definition.
As an example, WS-Security Policy defines sp:HttpToken assertion to
contain three possible nested elements, sp:HttpBasicAuthentication,
sp:HttpDigestAuthentication and sp:RequireClientCertificate. When the
HttpToken is used with an empty nested policy in a policy expression
by a provider, it will indicate that none of the dependent behaviors
namely authentication or client certificate is required.
A non-anonymous client who requires authentication or client certificate will not be able to use this provider solely on the basis of intersection algorithm alone.
algorithm.
framework.
Optional behaviors represent behaviors wsp:Optional attribute
selected.
Since optional behaviors indicate optionality for
both the provider and the consumer, behaviors that must
always be engaged by a consumer must not be marked as
"optional" with a value "true" since
exchange.
The target scope of an optional assertion is an important factor for
Assertion Authors to consider as it determines the
When optional behaviors are indicated by attaching assertions with
only one side of an interaction, such as an inbound message of
a
request-response, the engagement of the rest of the
Assertion Authors should
A behavior identified by a policy assertion applies to the
associated policy subject. If a policy assertion is to be used
within WSDL,
The
If the behavior applies to any message exchange using any of the endpoints offered by a service then the subject is the service policy subject.
If the behavior applies to any message exchange made using an endpoint then the subject is the endpoint policy subject.
If the behavior applies to any message exchange defined by an operation then the subject is the operation policy subject.
If the behavior applies to an input message then the subject is the message policy subject - similarly for output and fault message policy subjects.
Assertion
For a given WSDL policy subject, there may be several
attachment points. For example, there are three attachment
points for the endpoint policy subject: the port, binding and
portType element. Assertion
In using WSDL attachment, it should be noted that the
service policy subject is a collection of endpoint policy
subjects. The endpoint policy subject is a collection of
operation policy subjects and
Assertion authors need to be clear about how assertions defined in their domain may fit with assertions for interrelated domains. A classic example of such an interrelated domain is security, because security tends to cut across all aspects of a solution.
One example is the definition
of additional assertions
related to the interrelated security domain [
Assertion authors should not duplicate existing assertions and should also make sure that when adding assertions those new assertions are consistent with pre-existing assertions of any interrelated domain.
Assertion Authors need to consider not just the expression of the current set of requirements but how they anticipate new assertions being added to the set. There are three aspects to versioning policy assetions:
Assertion Extensibility
Policy Language Extensibility
Over time, the Policy WG or third parties can version or extend the Policy Language with new or modified constructs. These constructs may be compatible or incompatible with previous versions.
Assertion Authors should review the WS-Policy Primer
The current WS-Policy language
Policy: element from ##other namespace and any attribute
ExactlyOne, All: element from ##other namespace; no attribute extensibility
PolicyReference: any element and any attribute
PolicyAttachment: element from ##other namespace and any attribute
AppliesTo: any element and any attribute
URI: any attribute
Supporting New Policy Subjects
The sp:issuedToken assertion utilizes the
sp:RequestSecurityTokenTemplate parameter that contains necessary
information to request a security token. The contents of the parameter
are static and allows reuse in different security scenerios.
Over time, there may be multiple equivalent behaviors emerging in the Web
Service interaction space. Examples of such multiple equivalent behaviors are WSS: SOAP Message Security 1.0
vs. 1.1 and WS-Addressing August 2004 version vs. WS-Addressing W3C Recommendation
[
The policy expression in the example below requires the use of WSS: SOAP Message Security 1.0.
The policy expression in the example below requires the use of WSS: SOAP Message Security 1.1. These are multiple equivalent behaviors and are represented using distinct policy assertions.
Best practice: use independent assertions for modeling multiple equivalent behaviors.
When the assertion's semantics do not change to invalidate any of the original policy subjects but new policy subjects need to be added, it may be possible to use the same assertion to designate the additional policy subjects without a namespace change. For example, a policy assertion for a protocol that is originally designed for endpoint policy subject may add message policy subject to indicate finer granularity in the attachment provided that endpoint policy subject is also retained in its design. When new policy subjects are added it is incumbent on the authors to retain the semantic of the policy assertion.
If the policy subjects change over time,
the assertion description should also be versioned to reflect this
change.
Policy attachment should not affect the interpretation of Policy alternatives. If it did, each policy assertion would need to be written with different (and possibly unknown) attachment mechanisms in mind.
Each policy attachment mechanism should unambiguously identify the subject of the attached assertions. Generally, this should be a specific SOAP node or a specific message between two SOAP nodes. Some attachment mechanisms may encompass multiple notes or messages, for example, "the message along its entire path".
If the best practices are followed, and the assertions are scoped according to their subject, then multiple policy domains may be combined without conflict. Each domain should define any limitations at the policy subject level that might impact interoperability (i.e. WS-SecurityPolicy - binding abstraction to group capabilities per message exchange).
As with identifying Policy subjects, policy attachment
mechanisms should make it possible to clearly identify the
source of a policy assertion both for debugging and for
verification. This could take several forms: it could be
assumed (in WSDL, the source of the assertion is the same
as the WSDL provider) or it could be proven (using
To illustrate the topics explored in this document, we include an example of a web service and how a fictitious company might utilize the WS-Policy Framework to enable Web Service interoperability. Company A has determined to utilize WS-Security, WS-Addressing and WS-Reliable Messaging in all its new web service offerings and has instructed its developers to use the policy assertions defined by the following documents:
Web Services Security Policy
Web Services Reliable Messaging Policy
Web Services Addressing WSDL Binding
The application developers at Company A are instructed to review the current web services at Company A and propose a plan for adding policy assertions.
The application developers collect information about web services within Company A and determine that all of the web services already have a WSDL 1.1 description. The developers have determined that Company A's web services fall into two types of web services. There are those that fall into the "default" category, and will use a predefined set of policy assertions, and there are those that use the default but also extend the policy alternatives.
They have also determined that for the both types, the appropriate policy subject is the endpoint. They determined this because the capabilities apply to all operations and messages for the web service not to any one individual operation or message exchange.
Service A is a WSDL 1.1 conformant web service and requires
the use of transport-level security for protecting messages as
well as including addressing headers. Employees of Company A have
already incorporated wss:Security headers into their
messages.
The SOAP message in the example above includes security timestamps that express creation and expiration times of this message. Company A requires the use of these security timestamps and transport-level security, such as HTTPS for protecting messages.
The example below illustrates a policy expression that CompanyA has created for its employees to use on their web services to indicate the use of addressing and transport-level security for securing messages.
The sp:TransportBinding element is a policy assertion. The
assertion identifies the use of transport-level-security - such
as HTTPS for protecting messages at the transport
level. Company A's policy aware clients can now recognize this
policy assertion and if they support it, engage in transport
level security for protecting messages and providing security
timestamps in SOAP envelopes for any WSDL with this policy
attached.
When creating the policy for the default web services, the developers took into consideration several factors. First, all their web services were WSDL 1.1 web services. Second, they wanted to reuse policy assertions where ever possible. Third, they wanted to ensure that where possible they would support alternatives rather than forcing a single client configuration.
The developers read the WS-Policy specification and noted that there were three ways to express combinations of behaviors. The three policy operators, (Policy, All and ExactlyOne) were considered and the result was the creation of two policy elements.
The first policy is shown in Figure
The second policy is shown in Figure
We have shown above that Company A offered a second profile that included two security options. The details of the Bindings, requires a more detailed exploration of some of the other features of the WS-Policy Framework.
When Assertion Authors create sets of Policy assertions, like
WS-Security Policy they need to consider expressing the semantics
of their domain in a way that policy consumers, like Company A,
can utilize them. In this case, the WS-SecurityPolicy Assertion Authors
factored out common elements of security mechanisms and utilized a
feature of WS-Policy called "nested" assertions. In the case of
an sp:TransportBinding assertion, just indicating the use of
transport-level security for protecting messages is not
sufficient. For a consumer of a web service provided by a company,
like Company A, to successfully interact, the consumer must also
know what transport token, what algorithm suite, etc. is
required. The sp:TransportBinding assertion, can (and has)
represent (ed) these dependent behaviors as "nested" policy
assertions.
In the example below the child Policy element is a nested
policy behavior and further qualifies the behavior of the
sp:TransportBinding policy assertion.
The sp:AlgorithmSuite is a nested policy
assertion of the sp:TransportBinding assertion and
indicates that this suite is required. The
sp:TransportToken is a nested policy assertion that
indicates the use of a specific type of token, in this case an
HttpsToken.
It should be noted that each policy has an Identifier. In the case of the default policy expression, Company A has decided that this policy expression should be broadly available via a URI. There are advantages and disadvantages to using each type of identifier. For URI's there is the issue of maintaining the policy expression when it may no longer be used (Company A gets bought by Company B and starts using the policies of Company B, but some "old" consumers may still try to reference the URI).
For the second type of web services, which may be used only by certain of Company A's business partners, the id is an XML ID. The relative URI for referencing this within the same WSDL document is #CompanyA-ProfileB. This can be useful for company's when the policy expressions are agreed to between partners but may be changed as the business agreements change. But the disadvantage is that the policy expression must be included in each WSDL document.
Since Company A has decided to use well known policy expressions that are part of a specification, they adhere to the guidance given in the WS-SecurityPolicy specification and attach the policies to the web service endpoint policy subject as recommended by the WS-SecurityPolicy specification. For the default web services, the URI is included in the wsdl binding for each web service.
The partner specified policy is included in the beginning of the WSDL 1.1 document and referenced by the binding for the service as in the example below.
In some cases, companies may chose to implement their own assertions. When companies chose to become Assertion Authors they need to consider not only the definition of the behavior that the assertion represents but they need to consider how new assertions will be intersected and merged with other assertions in the calculation of an effective policy and this also indicates they need to consider policy subjects.
The WS-Policy 1.5 - Attachment specification defines algorithms for calculating the effective policy for a given policy subject and effective policies for WSDL 1.1, WSDL 2.0 and UDDI policy subjects.
Security considerations are discussed in the
The table below lists XML Namespaces that are used in this document. The choice of any namespace prefix is arbitrary and not semantically significant.
| Prefix | XML Namespace | Specifications |
|---|---|---|
soap
|
http://www.w3.org/2003/05/soap-envelope
| [ |
sp
|
| [ |
wsa
|
http://www.w3.org/2005/08/addressing
| [ |
wsdl
|
http://schemas.xmlsoap.org/wsdl/
| [ |
wsp
|
http://www.w3.org/ns/ws-policy
| [ |
wsrmp
|
http://docs.oasis-open.org/ws-rx/wsrmp/200608
| [ |
wss
|
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
| [ |
wsu
|
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
| [ |
This document is the work of the
Members of the Working Group are (at the time of writing, and by alphabetical order): Dimitar Angelov (SAP AG), Abbie Barbir (Nortel Networks), Charlton Barreto (Adobe Systems Inc.), Sergey Beryozkin (IONA Technologies, Inc.), Vladislav Bezrukov (SAP AG), Toufic Boubez (Layer 7 Technologies), Symon Chang (BEA Systems, Inc.), Paul Cotton (Microsoft Corporation), Jeffrey Crump (Sonic Software), Glen Daniels (Sonic Software), Jacques Durand (Fujitsu Limited), Ruchith Fernando (WSO2), Christopher Ferris (IBM Corporation), William Henry (IONA Technologies, Inc.), Frederick Hirsch (Nokia), Maryann Hondo (IBM Corporation), Tom Jordahl (Adobe Systems Inc.), Paul Knight (Nortel Networks), Philippe Le Hégaret (W3C/MIT), Mark Little (JBoss Inc.), Ashok Malhotra (Oracle Corporation), Monica Martin (Sun Microsystems, Inc.), Arnaud Meyniel (Axway Software), Jeff Mischkinsky (Oracle Corporation), Dale Moberg (Axway Software), Anthony Nadalin (IBM Corporation), Bob Natale (MITRE Corporation), David Orchard (BEA Systems, Inc.), Fabian Ritzmann (Sun Microsystems, Inc.), Daniel Roth (Microsoft Corporation), Tom Rutt (Fujitsu Limited), Sanka Samaranayake (WSO2), Felix Sasaki (W3C/Keio), Skip Snow (Citigroup), Yakov Sverdlov (CA Inc.), Mark Temple-Raston (Citigroup), Asir Vedamuthu (Microsoft Corporation), Sanjiva Weerawarana (WSO2), Ümit Yalçinalp (SAP AG), Prasad Yendluri (webMethods, Inc.).
Previous members of the Working Group were: Jeffrey Crump (Sonic Software), Jong Lee (BEA Systems, Inc.), Bob Natale (MITRE Corporation), Bijan Parsia (University of Manchester), Seumas Soltysik (IONA Technologies, Inc.).
The people who have contributed to
A list of substantive changes since the Working Draft dated
Rewrote section and added two new best practices:
Rewrote section .
Dropped section 4.6 Typing Assertions.
| Date | Author | Description |
|---|---|---|
| 20060829 | UY | Created first draft based on agreed outline and content |
| 20061013 | UY | Editorial fixes (suggested by Frederick), fixed references, bibl items, fixed dangling pointers, created eds to do |
| 20061018 | MH | Editorial fixes for readability, added example for Encrypted parts |
| 20061030 | UY | Fixes for Paul Cotton's editorial comments (20061020) |
| 20061031 | UY | Fixes for Frederick's editorial comments (20061025) |
| 20061031 | UY | Optionality discussion feedback integration |
| 20061115 | MH | First attempt at restructuring to include primer content |
| 20061120 | MH | Restructure to address action items 64,77, which refer to bugzilla 3705 and F2F RESOLUTION 3792 |
| 20061127 | ASV | Updated the list of editors. Added
|
| 20061128 | MH | Replaced section in Lifecycle with pointer to the text in the primer: related to action 77 |
| 20061129 | FJH | Editorial revision (editorial actions
|
| 20061129 | ASV | Formatted examples in |
| 20061218 | FS | Formatted examples in |
| 20061219 | TIB | Editorial revision: most parts of editorial action
|
| 20061220 | TIB | Editorial revision: completed missing parts of editorial action
|
| 20061226 | MH | Editorial revision: reconciled terms related to "Assertion Authors"
|
| 20070104 | UY | Resolution of Issue |
| 20070104 | UY | Resolution of Issue |
| 20070108 | ASV | Reset Section |
| 20070122 | PY | Completed action item:
|
| 20070130 | UY | Completed action item:
|
| 20070130 | UY | Completed action item:
|
| 20070130 | UY | Completed action item:
|
| 20070130 | UY | Completed action item:
|
| 20070130 | UY | Fixed SAWSDL ref name |
| 20070131 | FJH | Fixed numerous spelling and typo errors. Implement resolution for issue
|
| 20070221 | MH | Partial implementation for issue
|
| 20070306 | ASV | Implemented partial
|
| 20070308 | DBO | Changed "lifecycle" spec references to versioning to fix build. |
| 20070314 | FJH | Implemented |
| 20070314 | FJH | Implemented |
| 20070315 | ASV | Implemented the |
| 20070315 | ASV | Implemented the |
| 20070315 | FJH | Implemented |
| 20070319 | MH | Implemented resolution for issue
|
| 20070320 | ASV | Implemented the |
| 20070320 | ASV | Implemented the |
| 20070320 | ASV | Implemented the |
| 20070321 | ASV | Updated section |
| 20070329 | DBO | Changed all <p>Best Practice: to <p role="practice"> |
| 20070416 | DBO | Updated 6.2 and 6.3 for |
| 20070423 | FJH | Updated 5.5 Designating Optional Behaviors for
|
| 20070425 | MH | Updated 5.3 "Considerations when Modeling New Assertions" related to
|
| 20070425 | TIB | Updated 5.2 Authoring Styles for
|
| 20070426 | PY | Editorial changes to align with the OASIS WS-SecurityPolicy specification.
For |
| 20070427 | FJH | Updated 5.5.1 Optional behavior in Compact authoring adding G7 and G8 for
|
| 20070501 | ASV | Reset Section |
| 20070507 | PY | Updated 5.6 WSDL guidelines section, to follow the new format and added G15, G16, G17 and G18.
Accounts for parts of resolution for
|
| 20070507 | TIB | Updated 5.1 Assertions and their Target Use for
|
| 20070508 | MH | Updated Section 5 for adding guidelines G9, G10 on ignorable, and G5 , G6 (general)
to address editors' action items
|
| 20070511 | PY | Updated 5.6 WSDL guidelines section to add G19 identified in AI 256 (now G24).
Accounts for parts of resolution for
|
| 20070513 | ASV | Updated Section 5.4.1 to use the new format re issue
|
| 20070514 | ASV | Updated Section 5.4.2 to use the new format re issue
|
| 20070514 | ASV | Added G11 and G13 to Section 5.4.1 and 5.4.2 re issue
|
| 20070516 | PY | Editorial change to section 5.7 to place best practices after the associated explanatory text and to fix grammar. |
| 20070518 | PY | Ensured Good Practices G1, G3 and G20 of
|
| 20070518 | PY | Updated Appendix E, Changes in this Version of the Document
( |
| 20070520 | ASV | Added Good Practice |
| 20070520 | ASV | Added Good Practice |
| 20070520 | ASV | Added an ed note that
Section |
| 20070520 | ASV | Fixed typos. |
| 20070520 | ASV | Added an ed note in Section |