[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: RE: [security-services] Issues Status
At 10:19 AM 2/15/02 -0500, Hal Lockhart wrote:
>You sold me personally on this concept at the recent XACML meeting.
>However, when thinking about this yesterday, something else occurred to
>me. The minOccurs value is a sign post to readers who are trying to
>understand the specification. They can for example, tell at a glance that
>Advice is an optional feature they don't have to bother with if they don't
>have any use for it. Similiarly, they can see at a glance that the use of
>signatures is optional.
>
>If we allow Statement to have a minOccurs of zero, it will not be obvious
>to most people that the Statement is the whole point of the assertion --
>that it contains the crucial information payload that the RP is looking
>for. I suspect this is one of those things that if we do it, we will find
>that we constantly have to explain it.
The metadata provided as part of the Assertion infrastructure is meant to
apply to *something*, and the semantics of the metadata would be in doubt
if there were no statements to apply them to. In such cases it's a common
design pattern to require at least one statement, and that's what I think
we should continue to do.
Eve
--
Eve Maler +1 781 442 3190
Sun Microsystems XML Technology Center eve.maler @ sun.com
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC