Subject: [xacml-comment] Problems understanding XACML spec. Forwarded message from Graham Klyne.
------- start of forwarded message -------
From: Graham Klyne <GK@NineByNine.org>
To: anne.anderson@Sun.COM
Subject: Problems understanding XACML spec
Date: Wed, 20 Nov 2002 13:40:25 +0000

[This comment was sent to the XACML comments list, and bounced. I'm sending it to you at Steve Hanna's suggestion. #g]

I'm having a really hard time understanding what you're trying to say in the XACML spec:

http://www.oasis-open.org/committees/xacml/repository/draft-xacml-schema-policy-18d.doc

The description of a rule seems to be inadequately motivated. The description in section 2 (background) says "The <Rule> element contains a boolean expression that can be evaluated in isolation..." which doesn't do anything to prepare me for the description I find in section 3.3.1.

I'm finding it particularly hard to see (a) what this Boolean expression is evaluated over (it seems to have something to do with the rule target), and (b) how the Boolean result relates to the evaluation of the rule. I can see that a Boolean true results in Permit or Deny depending on the value of the rule's effect field, but what happens if the Boolean value is false? As far as I can tell, understanding this is crucial to understanding all the other stuff about combining rules and policies. Under what circumstances is a rule found to be "NotApplicable"?

I also find the reference to the fact that a rule may "inherit" target information from a policy particularly obscure.

It seems to me that the idea of a rule is fundamental to understanding this specification, but that vital idea is not adequately explained. It may be that the information is present somewhere in this document, but it is a big and complicated document and I can't tell what's important.

I think more attention needs to be paid to the order in which concepts are introduced. I would expect section 2 to deal with this, but it seems some important ideas are not being adequately explained.

I also think there's an over-dependence in the text on abbreviations that are introduced in the glossary. There are many special terms, and ordinary words used with special meaning, and it's not reasonable to assume that someone not familiar with them will absorb them on one pass through the glossary.

#g

-------------------
Graham Klyne
<GK@NineByNine.org>
------- end of forwarded message -------

--
Anne H. Anderson               Email: Anne.Anderson@Sun.COM
Sun Microsystems Laboratories
1 Network Drive,UBUR02-311     Tel: 781/442-0928
Burlington, MA 01803-0902 USA  Fax: 781/442-1692