[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: RE: [security-services] Issues Status
At 10:19 AM 2/15/02 -0500, Hal Lockhart wrote: >You sold me personally on this concept at the recent XACML meeting. >However, when thinking about this yesterday, something else occurred to >me. The minOccurs value is a sign post to readers who are trying to >understand the specification. They can for example, tell at a glance that >Advice is an optional feature they don't have to bother with if they don't >have any use for it. Similiarly, they can see at a glance that the use of >signatures is optional. > >If we allow Statement to have a minOccurs of zero, it will not be obvious >to most people that the Statement is the whole point of the assertion -- >that it contains the crucial information payload that the RP is looking >for. I suspect this is one of those things that if we do it, we will find >that we constantly have to explain it. The metadata provided as part of the Assertion infrastructure is meant to apply to *something*, and the semantics of the metadata would be in doubt if there were no statements to apply them to. In such cases it's a common design pattern to require at least one statement, and that's what I think we should continue to do. Eve -- Eve Maler +1 781 442 3190 Sun Microsystems XML Technology Center eve.maler @ sun.com
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC