[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: RE: [security-services] "AuthorizationQuery" and"AuthorizationSt atement" are *still* misleading names
Hi Bob,
Speaking from an XACML point of view, I fully agree with your concern here and support your proposal to rename these elements.
By the way, I must have been asleep for a while or something, but what is this reference to "our three assertions (now statements, of course)"? Is this specification not still called the Security Assertion Markup Language? How can we put out a SAML spec that has no assertions in it (just "statements")? Furthermore, the word "assertion" semantically carries much more weight, authority, and commitment than the word "statement" (at least in common usage), which I think is what we're trying to achieve, since these are issued by Authorities. Has this decision to call them "statements" already been made by the TC, or is this still under discussion?
Carlisle.
----------
From: RL 'Bob' Morgan[SMTP:rlmorgan@washington.edu]
Reply To: RL 'Bob' Morgan
Sent: Tuesday, December 18, 2001 4:09 AM
To: OASIS Security Services TC
Subject: [security-services] "AuthorizationQuery" and "AuthorizationStatement" are *still* misleading names
I sent the message below a couple of weeks ago. There hasn't been any
discussion, and core-21 still uses the same old names for these elements,
which I continue to claim are likely to cause tremendous confusion going
forward. I guess at this point I may need to make a formal motion
regarding this change. If folks are worried about the resulting names
being too long, I'm sure we can find a shorter form like "AuthzDecsnQuery"
if needed.
- RL "Bob"
---------- Forwarded message ----------
Date: Fri, 23 Nov 2001 15:46:56 -0800 (PST)
From: RL 'Bob' Morgan <rlmorgan@washington.edu>
To: OASIS Security Services TC <security-services@lists.oasis-open.org>
Subject: [security-services] "AuthorizationQuery" and
"AuthorizationStatement" are misleading names
Early in the process of this committee we decided, after much contention
and explanation and careful thought about concepts and terminology, that
one of our three assertions (now statements, of course) is an
"Authorization Decision Assertion", where that name precisely captures the
intent of the structure. In particular we observed as part of that
discussion that the single word "authorization" by itself can mean so
many different things that it has to be qualified to be useful. The text
of core-20, in section 1, uses the term "Authorization Decision
Assertion", and section 1.5 has this phrase as its title.
However, the actual name of the element, as specified in section 1.5 and
elsewhere, is "AuthorizationStatement". And, the name of the
corresponding query element, as specified in section 2.5, is
"AuthorizationQuery". It seems to me that these names are misleading and
should be changed. This is especially true since a likely user of our
statement structures is the XACML work, which (though I haven't followed
it) is supposedly about managing and expressing authorization information.
So, I strongly suggest that these elements be renamed
"AuthorizationDecisionStatement" and "AuthorizationDecisionQuery" and that
the corresponding types be similarly renamed.
- RL "Bob"
----------------------------------------------------------------
To subscribe or unsubscribe from this elist use the subscription
manager: <http://lists.oasis-open.org/ob/adm.pl>
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC