OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Subject: [security-services] "AuthorizationQuery" and "AuthorizationStatement"are *still* misleading names



I sent the message below a couple of weeks ago.  There hasn't been any
discussion, and core-21 still uses the same old names for these elements,
which I continue to claim are likely to cause tremendous confusion going
forward.  I guess at this point I may need to make a formal motion
regarding this change.  If folks are worried about the resulting names
being too long, I'm sure we can find a shorter form like "AuthzDecsnQuery"
if needed.

 - RL "Bob"

---------- Forwarded message ----------
Date: Fri, 23 Nov 2001 15:46:56 -0800 (PST)
From: RL 'Bob' Morgan <rlmorgan@washington.edu>
To: OASIS Security Services TC <security-services@lists.oasis-open.org>
Subject: [security-services] "AuthorizationQuery" and
    "AuthorizationStatement" are misleading names


Early in the process of this committee we decided, after much contention
and explanation and careful thought about concepts and terminology, that
one of our three assertions (now statements, of course) is an
"Authorization Decision Assertion", where that name precisely captures the
intent of the structure.  In particular we observed as part of that
discussion that the single word "authorization"  by itself can mean so
many different things that it has to be qualified to be useful.  The text
of core-20, in section 1, uses the term "Authorization Decision
Assertion", and section 1.5 has this phrase as its title.

However, the actual name of the element, as specified in section 1.5 and
elsewhere, is "AuthorizationStatement".  And, the name of the
corresponding query element, as specified in section 2.5, is
"AuthorizationQuery".  It seems to me that these names are misleading and
should be changed.  This is especially true since a likely user of our
statement structures is the XACML work, which (though I haven't followed
it) is supposedly about managing and expressing authorization information.

So, I strongly suggest that these elements be renamed
"AuthorizationDecisionStatement" and "AuthorizationDecisionQuery" and that
the corresponding types be similarly renamed.

 - RL "Bob"




[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Powered by eList eXpress LLC