Issue 4015: Policy checking requirements for the OTSPolicy (ots-rtf)

Source: International Business Machines (Mr. Thomas Freund, nobody)
Nature: Uncategorized Issue
Severity:
Summary: The problem is to add clarification to the document to state that the policy checking requirements for the OTSPolicy. To summarize Michi's suggested proposal (attached below) this would server-side checking for OTSPolicy is mandatory - making client-side checking for OTSPolicy optional. Client-side checking for OTSPolicy is not required but allowed for efficiency. The same semantics apply. (NB: This is ONLY for OTSPolicies ... nothing else).
Resolution:
Revised Text:
Actions taken:
November 3, 2000: received issue

Discussion:

End of Annotations:=====

From: TJFREUND@uk.ibm.com
To: ots-rtf@omg.org
Date: Thu, 2 Nov 2000 10:35:15 +0000
Subject: Re: OTS RTF interim report

Was there ever an issue raised to track the following proposal?

Regards,
Tom

---------------------- Forwarded by Tom Freund/UK/IBM on 02/11/2000 10:32 ---------------------------

Michi Henning on 18/10/2000 22:36:03

Please respond to Michi Henning

To: Jeffrey Mischkinsky
cc: OTS RTF
Subject: Re: OTS RTF interim report

On Wed, 18 Oct 2000, Jeffrey Mischkinsky wrote:

> Thanks Tom.
> I will now stop being confused by general statements about
> client-side checking and assume that we are ONLY focused on what to do with
> OTSPolicy checking (which I agree is worth voting on to resolve what the client and
> server side requirements are--once and for all.)

OK. Here is a specific proposal:

I suggest we mandate checking on the server side. I see this as necessary
because it is the conservative thing to do. With server-side checking
mandatory, the client-side checking becomes optional. If present, things
are a bit more efficient. If absent, you get the same semantics as if
present.

Comments?

Cheers,

Michi.
--
Michi Henning               +61 7 3891 5744
Object Oriented Concepts    +61 4 1118 2700 (mobile)
Suite 4, 904 Stanley St     +61 7 3891 5009 (fax)
East Brisbane 4169          michi@ooc.com.au
AUSTRALIA                   http://www.ooc.com.au/staff/michi-henning.html

Date: Thu, 2 Nov 2000 16:26:02 -0800
From: Blake Biesecker
To: TJFREUND@uk.ibm.com
Cc: ots-rtf@omg.org
Subject: Re: OTS RTF interim report

I don't see any issue that addresses this topic. Do you have time to clarify the problem so that Juergen has a more complete description to work with?

Blake

From: TJFREUND@uk.ibm.com
To: Blake Biesecker
cc: ots-rtf@omg.org
Date: Fri, 3 Nov 2000 08:07:17 +0000
Subject: Re: OTS RTF interim report

Blake,

Well I didn't do so great last time I suggested a problem description ... but here goes (my apologies to everyone in advance if I get it wrong, again).

The problem is to add clarification to the document to state that the policy checking requirements for the OTSPolicy. To summarize Michi's suggested proposal (attached below) this would server-side checking for OTSPolicy is mandatory - making client-side checking for OTSPolicy optional. Client-side checking for OTSPolicy is not required but allowed for efficiency. The same semantics apply. (NB: This is ONLY for OTSPolicies ... nothing else).

Regards,
Tom

Proposed Resolution:
This is simpler after the 2002 Vote 1. The server side enforces the FORBIDS and REQUIRES policies (as always). A client may or may not enforce the various OTSPolicies; however, if it does not perform any policy checking, it shall always propagate the current transaction context if there is one.

Proposed Revised Text:
Need new text for 2.14.2.1 Policy Checking Requirements ... any volunteer?
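
The rule in the proposed resolution above, modelled as an added example (not code from the issue record or from any OTS implementation): the server check is authoritative, a checking client only saves a round trip, and a non-checking client gets the same outcome provided it propagates the context. The class names, the `PolicyViolation` error and the `propagates` switch are hypothetical, and reading the policy from the server object stands in for reading it from the object reference.

```python
from enum import Enum

class OTSPolicy(Enum):
    REQUIRES = "REQUIRES"   # target must be invoked inside a transaction
    FORBIDS = "FORBIDS"     # target must not be invoked inside a transaction

class PolicyViolation(Exception):
    """Hypothetical error type for this model; the page names no exceptions."""
    def __init__(self, policy, where):
        super().__init__(f"{policy.name} violated (detected by {where})")
        self.policy, self.where = policy, where

def check(policy, tx_context, where):
    has_tx = tx_context is not None
    if (policy is OTSPolicy.REQUIRES and not has_tx) or \
       (policy is OTSPolicy.FORBIDS and has_tx):
        raise PolicyViolation(policy, where)

class Server:
    def __init__(self, policy):
        self.policy = policy
        self.requests_received = 0
    def invoke(self, tx_context):
        self.requests_received += 1               # the request crossed the wire
        check(self.policy, tx_context, "server")  # mandatory, never skipped
        return "ok"

class Client:
    def __init__(self, checks_policy, propagates=True):
        self.checks_policy, self.propagates = checks_policy, propagates
    def call(self, server, current_tx):
        if self.checks_policy:                    # optional early rejection
            check(server.policy, current_tx, "client")
        # A client that does no checking must still send the context it has.
        return server.invoke(current_tx if self.propagates else None)

def outcome(client, policy, current_tx):
    """Return (result, number of requests the server received)."""
    server = Server(policy)
    try:
        result = client.call(server, current_tx)
    except PolicyViolation as exc:
        result = f"rejected:{exc.policy.name}"
    return result, server.requests_received

# Constructed inputs: every policy with and without a current transaction.
CASES = [(p, tx) for p in OTSPolicy for tx in (None, "tx-1")]

def same_semantics():
    return all(outcome(Client(True), p, tx)[0] == outcome(Client(False), p, tx)[0]
               for p, tx in CASES)
```

A client built with `propagates=False` drops the context, so a FORBIDS target accepts a call made inside a transaction; that divergence is what the "shall always propagate" clause rules out.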