Author: nandana
Date: Thu Aug 27 21:56:29 2009
New Revision: 808655
URL: http://svn.apache.org/viewvc?rev=808655&view=rev
Log:
RAMPART-242 Applying the patch. Thanks Thilina.
Added:
webservices/rampart/branches/java/1_5/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAML2TokenCertForHoKTest.java
webservices/rampart/branches/java/1_5/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAML2TokenTest.java
webservices/rampart/branches/java/1_5/modules/rampart-integration/src/test/resources/rahas/policy/service-policy-symm-binding-saml2-publicKey.xml
webservices/rampart/branches/java/1_5/modules/rampart-integration/src/test/resources/rahas/policy/service-policy-symm-binding-saml2.xml
Modified:
webservices/rampart/branches/java/1_5/modules/rampart-integration/pom.xml
Modified:
webservices/rampart/branches/java/1_5/modules/rampart-integration/pom.xml
URL:
http://svn.apache.org/viewvc/webservices/rampart/branches/java/1_5/modules/rampart-integration/pom.xml?rev=808655&r1=808654&r2=808655&view=diff
==============================================================================
--- webservices/rampart/branches/java/1_5/modules/rampart-integration/pom.xml
(original)
+++ webservices/rampart/branches/java/1_5/modules/rampart-integration/pom.xml
Thu Aug 27 21:56:29 2009
@@ -62,8 +62,8 @@
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<configuration>
- <source>1.4</source>
- <target>1.4</target>
+ <source>1.5</source>
+ <target>1.5</target>
</configuration>
</plugin>
<plugin>
Added:
webservices/rampart/branches/java/1_5/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAML2TokenCertForHoKTest.java
URL:
http://svn.apache.org/viewvc/webservices/rampart/branches/java/1_5/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAML2TokenCertForHoKTest.java?rev=808655&view=auto
==============================================================================
---
webservices/rampart/branches/java/1_5/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAML2TokenCertForHoKTest.java
(added)
+++
webservices/rampart/branches/java/1_5/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAML2TokenCertForHoKTest.java
Thu Aug 27 21:56:29 2009
@@ -0,0 +1,131 @@
+package org.apache.rahas;
+
+import org.apache.rampart.handler.config.OutflowConfiguration;
+import org.apache.rampart.handler.config.InflowConfiguration;
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMFactory;
+import org.apache.axiom.om.OMAbstractFactory;
+import org.apache.neethi.Policy;
+import org.apache.ws.secpolicy.SP11Constants;
+import org.opensaml.XML;
+
+import javax.xml.namespace.QName;/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+public class RahasSAML2TokenCertForHoKTest extends TestClient{
+ public RahasSAML2TokenCertForHoKTest(String name) {
+ super(name);
+ }
+
+ public OutflowConfiguration getClientOutflowConfiguration() {
+ OutflowConfiguration ofc = new OutflowConfiguration();
+
+ ofc.setActionItems("Signature Encrypt Timestamp");
+ ofc.setUser("alice");
+ ofc.setEncryptionUser("ip");
+ ofc.setSignaturePropFile("rahas/rahas-sec.properties");
+ ofc.setPasswordCallbackClass(PWCallback.class.getName());
+ return ofc;
+ }
+
+ public InflowConfiguration getClientInflowConfiguration() {
+ InflowConfiguration ifc = new InflowConfiguration();
+
+ ifc.setActionItems("Signature Encrypt Timestamp");
+ ifc.setPasswordCallbackClass(PWCallback.class.getName());
+ ifc.setSignaturePropFile("rahas/rahas-sec.properties");
+
+ return ifc;
+ }
+
+ public String getServiceRepo() {
+ return "rahas_service_repo_1";
+ }
+
+ public OMElement getRequest() {
+ try {
+ OMElement rstElem =
+
TrustUtil.createRequestSecurityTokenElement(RahasConstants.VERSION_05_02);
+
+ TrustUtil.createRequestTypeElement(RahasConstants.VERSION_05_02,
+ rstElem,
+
RahasConstants.REQ_TYPE_ISSUE);
+ OMElement tokenTypeElem =
+
TrustUtil.createTokenTypeElement(RahasConstants.VERSION_05_02,
+ rstElem);
+ tokenTypeElem.setText(RahasConstants.TOK_TYPE_SAML_20);
+
+ TrustUtil.createAppliesToElement(rstElem,
"http://localhost:5555/axis2/services/SecureService", this.getWSANamespace());
+ TrustUtil.createKeyTypeElement(RahasConstants.VERSION_05_02,
+ rstElem,
RahasConstants.KEY_TYPE_PUBLIC_KEY);
+ TrustUtil.createKeySizeElement(RahasConstants.VERSION_05_02,
rstElem, 256);
+
+
+ return rstElem;
+
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+ public void validateRsponse(OMElement resp) {
+ System.out.println("Running SAML2 Test with Public Key as the KeyType
in RST.");
+ OMElement rst = resp.getFirstChildWithName(new
QName(RahasConstants.WST_NS_05_02,
+ RahasConstants.IssuanceBindingLocalNames.
+ REQUESTED_SECURITY_TOKEN));
+ assertNotNull("RequestedSecurityToken missing", rst);
+ OMElement elem = rst.getFirstChildWithName(new
QName("urn:oasis:names:tc:SAML:2.0:assertion", "Assertion"));
+ assertNotNull("Missing SAML2 Assertion", elem);
+ }
+
+
+ public String getRequestAction() throws TrustException {
+ return TrustUtil.getActionValue(RahasConstants.VERSION_05_02,
RahasConstants.RST_ACTION_ISSUE);
+ }
+
+ /* (non-Javadoc)
+ * @see org.apache.rahas.TestClient#getServicePolicy()
+ */
+ public Policy getServicePolicy() throws Exception {
+ return
this.getPolicy("test-resources/rahas/policy/service-policy-symm-binding.xml");
+ }
+
+ /* (non-Javadoc)
+ * @see org.apache.rahas.TestClient#getSTSPolicy()
+ */
+ public Policy getSTSPolicy() throws Exception {
+ return
this.getPolicy("test-resources/rahas/policy/sts-policy-asymm-binding.xml");
+ }
+
+ /* (non-Javadoc)
+ * @see org.apache.rahas.TestClient#getRSTTemplate()
+ */
+ public OMElement getRSTTemplate() throws TrustException {
+ OMFactory factory = OMAbstractFactory.getOMFactory();
+ OMElement elem =
factory.createOMElement(SP11Constants.REQUEST_SECURITY_TOKEN_TEMPLATE);
+
+ TrustUtil.createTokenTypeElement(RahasConstants.VERSION_05_02,
elem).setText(RahasConstants.TOK_TYPE_SAML_10);
+ TrustUtil.createKeyTypeElement(RahasConstants.VERSION_05_02, elem,
RahasConstants.KEY_TYPE_SYMM_KEY);
+ TrustUtil.createKeySizeElement(RahasConstants.VERSION_05_02, elem,
256);
+
+ return elem;
+ }
+
+ public int getTrstVersion() {
+ return RahasConstants.VERSION_05_02;
+ }
+
+}
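Review bot: `getServicePolicy()` and `getRSTTemplate()` in this class do not match the SAML 2.0 public-key request that `getRequest()` builds: the policy loaded is `service-policy-symm-binding.xml`, and the template sets `RahasConstants.TOK_TYPE_SAML_10` with `RahasConstants.KEY_TYPE_SYMM_KEY`. `RahasSAML2TokenTest.getServicePolicy()` in the next file loads `service-policy-symm-binding-saml2-publicKey.xml` while its request asks for a symmetric key, and the added `service-policy-symm-binding-saml2.xml` is referenced by neither class, so the paths look swapped or left over from the class this was copied from. If that reading is right, this class should return `this.getPolicy("test-resources/rahas/policy/service-policy-symm-binding-saml2-publicKey.xml")`, the other class should load `service-policy-symm-binding-saml2.xml`, and the template here should use `TOK_TYPE_SAML_20` with `KEY_TYPE_PUBLIC_KEY`. How `TestClient` consumes these two methods is outside the hunk, so confirm against it before changing.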
Added:
webservices/rampart/branches/java/1_5/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAML2TokenTest.java
URL:
http://svn.apache.org/viewvc/webservices/rampart/branches/java/1_5/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAML2TokenTest.java?rev=808655&view=auto
==============================================================================
---
webservices/rampart/branches/java/1_5/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAML2TokenTest.java
(added)
+++
webservices/rampart/branches/java/1_5/modules/rampart-integration/src/test/java/org/apache/rahas/RahasSAML2TokenTest.java
Thu Aug 27 21:56:29 2009
@@ -0,0 +1,129 @@
+/*
+ * Copyright 2004,2005 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.rahas;
+
+import org.apache.axiom.om.OMElement;
+import org.apache.axiom.om.OMFactory;
+import org.apache.axiom.om.OMAbstractFactory;
+import org.apache.rampart.handler.config.OutflowConfiguration;
+import org.apache.rampart.handler.config.InflowConfiguration;
+import org.apache.neethi.Policy;
+import org.apache.ws.secpolicy.SP11Constants;
+import org.opensaml.XML;
+
+import javax.xml.namespace.QName;
+public class RahasSAML2TokenTest extends TestClient{
+ /**
+ * @param name
+ */
+ public RahasSAML2TokenTest(String name) {
+ super(name);
+ }
+
+
+ public OutflowConfiguration getClientOutflowConfiguration() {
+ OutflowConfiguration ofc = new OutflowConfiguration();
+
+ ofc.setActionItems("Signature Encrypt Timestamp");
+ ofc.setUser("alice");
+ ofc.setSignaturePropFile("rahas/rahas-sec.properties");
+ ofc.setPasswordCallbackClass(PWCallback.class.getName());
+ return ofc;
+ }
+
+ public InflowConfiguration getClientInflowConfiguration() {
+ InflowConfiguration ifc = new InflowConfiguration();
+
+ ifc.setActionItems("Signature Encrypt Timestamp");
+ ifc.setPasswordCallbackClass(PWCallback.class.getName());
+ ifc.setSignaturePropFile("rahas/rahas-sec.properties");
+
+ return ifc;
+ }
+
+ public String getServiceRepo() {
+ return "rahas_service_repo_1";
+ }
+
+ public OMElement getRequest() {
+ try {
+ OMElement rstElem =
TrustUtil.createRequestSecurityTokenElement(RahasConstants.VERSION_05_02);
+ TrustUtil.createRequestTypeElement(RahasConstants.VERSION_05_02,
rstElem, RahasConstants.REQ_TYPE_ISSUE);
+ OMElement tokenTypeElem =
TrustUtil.createTokenTypeElement(RahasConstants.VERSION_05_02, rstElem);
+ tokenTypeElem.setText(RahasConstants.TOK_TYPE_SAML_20);
+
+ TrustUtil.createAppliesToElement(rstElem,
"http://localhost:5555/axis2/services/SecureService", this.getWSANamespace());
+ TrustUtil.createKeyTypeElement(RahasConstants.VERSION_05_02,
+ rstElem, RahasConstants.KEY_TYPE_SYMM_KEY);
+ TrustUtil.createKeySizeElement(RahasConstants.VERSION_05_02,
rstElem, 256);
+
+ return rstElem;
+
+ } catch (Exception e) {
+ throw new RuntimeException(e);
+ }
+ }
+
+ public void validateRsponse(OMElement resp) {
+ System.out.println(" Running SAML2 Test with Symmetric Key As the
KeyType in RST. ");
+ OMElement rst = resp.getFirstChildWithName(new
QName(RahasConstants.WST_NS_05_02,
+
RahasConstants.IssuanceBindingLocalNames.
+
REQUESTED_SECURITY_TOKEN));
+ assertNotNull("RequestedSecurityToken missing", rst);
+ OMElement elem = rst.getFirstChildWithName(new
QName("urn:oasis:names:tc:SAML:2.0:assertion", "Assertion"));
+ assertNotNull("Missing SAML2 Assertion", elem);
+ }
+
+
+ public String getRequestAction() throws TrustException {
+ return TrustUtil.getActionValue(RahasConstants.VERSION_05_02,
RahasConstants.RST_ACTION_ISSUE);
+ }
+
+
+ /* (non-Javadoc)
+ * @see org.apache.rahas.TestClient#getServicePolicy()
+ */
+ public Policy getServicePolicy() throws Exception {
+ return
this.getPolicy("test-resources/rahas/policy/service-policy-symm-binding-saml2-publicKey.xml");
+ }
+
+ /* (non-Javadoc)
+ * @see org.apache.rahas.TestClient#getSTSPolicy()
+ */
+ public Policy getSTSPolicy() throws Exception {
+ return
this.getPolicy("test-resources/rahas/policy/sts-policy-asymm-binding.xml");
+ }
+
+
+ /* (non-Javadoc)
+ * @see org.apache.rahas.TestClient#getRSTTemplate()
+ */
+ public OMElement getRSTTemplate() throws TrustException {
+ OMFactory factory = OMAbstractFactory.getOMFactory();
+ OMElement elem =
factory.createOMElement(SP11Constants.REQUEST_SECURITY_TOKEN_TEMPLATE);
+
+ TrustUtil.createTokenTypeElement(RahasConstants.VERSION_05_02,
elem).setText(RahasConstants.TOK_TYPE_SAML_20);
+ TrustUtil.createKeyTypeElement(RahasConstants.VERSION_05_02, elem,
RahasConstants.KEY_TYPE_SYMM_KEY);
+ TrustUtil.createKeySizeElement(RahasConstants.VERSION_05_02, elem,
256);
+
+ return elem;
+ }
+
+ public int getTrstVersion() {
+ return RahasConstants.VERSION_05_02;
+ }
+}
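Review bot: `validateRsponse` asserts only that a SAML 2.0 `Assertion` element is present under `RequestedSecurityToken`, so the test passes for any assertion the STS returns, including one with no proof-of-possession binding. For a key-bound token the useful check is that the assertion's `SubjectConfirmation` carries the holder-of-key method and key material in its confirmation data. The same applies to `RahasSAML2TokenCertForHoKTest.validateRsponse`, where the key material would be expected to be the client's certificate or public key. The fence shows the added assertions; that `assertEquals` is inherited through `TestClient` is inferred from the existing `assertNotNull` calls.

```java
// … unchanged: RequestedSecurityToken and Assertion presence checks …
OMElement subject = elem.getFirstChildWithName(
        new QName("urn:oasis:names:tc:SAML:2.0:assertion", "Subject"));
assertNotNull("Missing Subject in SAML2 Assertion", subject);
OMElement confirmation = subject.getFirstChildWithName(
        new QName("urn:oasis:names:tc:SAML:2.0:assertion", "SubjectConfirmation"));
assertNotNull("Missing SubjectConfirmation", confirmation);
assertEquals("urn:oasis:names:tc:SAML:2.0:cm:holder-of-key",
        confirmation.getAttributeValue(new QName("Method")));
```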
Added:
webservices/rampart/branches/java/1_5/modules/rampart-integration/src/test/resources/rahas/policy/service-policy-symm-binding-saml2-publicKey.xml
URL:
http://svn.apache.org/viewvc/webservices/rampart/branches/java/1_5/modules/rampart-integration/src/test/resources/rahas/policy/service-policy-symm-binding-saml2-publicKey.xml?rev=808655&view=auto
==============================================================================
---
webservices/rampart/branches/java/1_5/modules/rampart-integration/src/test/resources/rahas/policy/service-policy-symm-binding-saml2-publicKey.xml
(added)
+++
webservices/rampart/branches/java/1_5/modules/rampart-integration/src/test/resources/rahas/policy/service-policy-symm-binding-saml2-publicKey.xml
Thu Aug 27 21:56:29 2009
@@ -0,0 +1,70 @@
+<wsp:Policy wsu:Id="4"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+<wsp:ExactlyOne>
+ <wsp:All>
+ <sp:SymmetricBinding
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:ProtectionToken>
+ <wsp:Policy>
+ <sp:IssuedToken
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <sp:RequestSecurityTokenTemplate>
+ <t:TokenType
xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">urn:oasis:names:tc:SAML:2.0:assertion</t:TokenType>
+ <t:KeyType
xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKey</t:KeyType>
+ <t:KeySize
xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">256</t:KeySize>
+ </sp:RequestSecurityTokenTemplate>
+ <wsp:Policy>
+ <sp:RequireDerivedKeys/>
+ <sp:RequireInternalReference/>
+ </wsp:Policy>
+ </sp:IssuedToken>
+ </wsp:Policy>
+ </sp:ProtectionToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:SymmetricBinding>
+ <sp:Wss10
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:Trust10
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportIssuedTokens/>
+ <sp:RequireClientEntropy/>
+ <sp:RequireServerEntropy/>
+ </wsp:Policy>
+ </sp:Trust10>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+
<ramp:passwordCallbackClass>org.apache.rahas.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto
provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property
name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property
name="org.apache.ws.security.crypto.merlin.file">test-resources/rahas/policy/store.jks</ramp:property>
+ <ramp:property
name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto
provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property
name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property
name="org.apache.ws.security.crypto.merlin.file">test-resources/rahas/policy/store.jks</ramp:property>
+ <ramp:property
name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+</wsp:ExactlyOne>
+</wsp:Policy>
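Review bot: The `sp:RequestSecurityTokenTemplate` pairs a `t:KeyType` of `http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKey` with `<t:KeySize>256</t:KeySize>`, and the issued token is the `sp:ProtectionToken` of a `sp:SymmetricBinding` that sets `sp:RequireDerivedKeys`. A 256-bit size reads as carried over from the symmetric-key template (the Java test likewise calls `createKeySizeElement(..., 256)` next to `KEY_TYPE_PUBLIC_KEY`), and key derivation needs a shared secret that a public-key proof token does not obviously supply. Whether the STS ignores `KeySize` for this key type, and how Rampart resolves the protection key, is not visible in this commit. Either drop the `t:KeySize` line from the public-key variant or add an XML comment above the template recording the intended behaviour.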
Added:
webservices/rampart/branches/java/1_5/modules/rampart-integration/src/test/resources/rahas/policy/service-policy-symm-binding-saml2.xml
URL:
http://svn.apache.org/viewvc/webservices/rampart/branches/java/1_5/modules/rampart-integration/src/test/resources/rahas/policy/service-policy-symm-binding-saml2.xml?rev=808655&view=auto
==============================================================================
---
webservices/rampart/branches/java/1_5/modules/rampart-integration/src/test/resources/rahas/policy/service-policy-symm-binding-saml2.xml
(added)
+++
webservices/rampart/branches/java/1_5/modules/rampart-integration/src/test/resources/rahas/policy/service-policy-symm-binding-saml2.xml
Thu Aug 27 21:56:29 2009
@@ -0,0 +1,70 @@
+<wsp:Policy wsu:Id="4"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
+<wsp:ExactlyOne>
+ <wsp:All>
+ <sp:SymmetricBinding
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:ProtectionToken>
+ <wsp:Policy>
+ <sp:IssuedToken
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
+ <sp:RequestSecurityTokenTemplate>
+ <t:TokenType
xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">urn:oasis:names:tc:SAML:2.0:assertion</t:TokenType>
+ <t:KeyType
xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey</t:KeyType>
+ <t:KeySize
xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">256</t:KeySize>
+ </sp:RequestSecurityTokenTemplate>
+ <wsp:Policy>
+ <sp:RequireDerivedKeys/>
+ <sp:RequireInternalReference/>
+ </wsp:Policy>
+ </sp:IssuedToken>
+ </wsp:Policy>
+ </sp:ProtectionToken>
+ <sp:AlgorithmSuite>
+ <wsp:Policy>
+ <sp:Basic256/>
+ </wsp:Policy>
+ </sp:AlgorithmSuite>
+ <sp:Layout>
+ <wsp:Policy>
+ <sp:Lax/>
+ </wsp:Policy>
+ </sp:Layout>
+ <sp:IncludeTimestamp/>
+ <sp:OnlySignEntireHeadersAndBody/>
+ </wsp:Policy>
+ </sp:SymmetricBinding>
+ <sp:Wss10
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportRefKeyIdentifier/>
+ <sp:MustSupportRefIssuerSerial/>
+ </wsp:Policy>
+ </sp:Wss10>
+ <sp:Trust10
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
+ <wsp:Policy>
+ <sp:MustSupportIssuedTokens/>
+ <sp:RequireClientEntropy/>
+ <sp:RequireServerEntropy/>
+ </wsp:Policy>
+ </sp:Trust10>
+ <ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
+ <ramp:user>alice</ramp:user>
+ <ramp:encryptionUser>bob</ramp:encryptionUser>
+
<ramp:passwordCallbackClass>org.apache.rahas.PWCallback</ramp:passwordCallbackClass>
+
+ <ramp:signatureCrypto>
+ <ramp:crypto
provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property
name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property
name="org.apache.ws.security.crypto.merlin.file">test-resources/rahas/policy/store.jks</ramp:property>
+ <ramp:property
name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:signatureCrypto>
+ <ramp:encryptionCypto>
+ <ramp:crypto
provider="org.apache.ws.security.components.crypto.Merlin">
+ <ramp:property
name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
+ <ramp:property
name="org.apache.ws.security.crypto.merlin.file">test-resources/rahas/policy/store.jks</ramp:property>
+ <ramp:property
name="org.apache.ws.security.crypto.merlin.keystore.password">password</ramp:property>
+ </ramp:crypto>
+ </ramp:encryptionCypto>
+ </ramp:RampartConfig>
+ </wsp:All>
+</wsp:ExactlyOne>
+</wsp:Policy>
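Review bot: The keystore password is committed in clear text in both `ramp:crypto` blocks (`org.apache.ws.security.crypto.merlin.keystore.password` set to `password`), and the same holds for `service-policy-symm-binding-saml2-publicKey.xml`. That is workable for a fixture keystore, but policy files like these get reused as starting points, so a header comment would help: `<!-- Test fixture only: store.jks and its password are sample values, not for deployment -->`. The two new policy files differ only in the `t:KeyType` value, which a one-line comment at the top of each would make obvious to the next reader.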