
xacml-comment message



Subject: [xacml-comment] Problems understanding XACML spec. Forwarded message from Graham Klyne.


------- start of forwarded message -------
From: Graham Klyne <GK@NineByNine.org>
To: anne.anderson@Sun.COM
Subject: Problems understanding XACML spec
Date: Wed, 20 Nov 2002 13:40:25 +0000

[This comment was sent to the XACML comments list, and bounced.  I'm 
sending it to you at Steve Hanna's suggestion.  #g]

I'm having a really hard time understanding what you're trying to say in 
the XACML spec:
http://www.oasis-open.org/committees/xacml/repository/draft-xacml-schema-policy-18d.doc

The description of a rule seems to be inadequately motivated.

The description in section 2 (background) says "The <Rule> element contains 
a boolean expression that can be evaluated in isolation..." which doesn't 
do anything to prepare me for the description I find in section 3.3.1.  I'm 
finding it particularly hard to see
(a) what this Boolean expression is evaluated over  (it seems to have 
something to do with the rule target), and
(b) how the Boolean result relates to the evaluation of the rule.  I can 
see that a Boolean true results in Permit or Deny depending on the value of 
the rule's effect field, but what happens if the Boolean value is false?
As far as I can tell, understanding this is crucial to understanding all 
the other stuff about combining rules and policies.  Under what 
circumstances is a rule found to be "NotApplicable"?

I also find the reference to the fact that a rule may "inherit" target 
information from a policy particularly obscure.

It seems to me that the idea of a rule is fundamental to understanding this 
specification, but that vital idea is not adequately explained.

It may be that the information is present somewhere in this document, but 
it is a big and complicated document and I can't tell what's important.  I 
think more attention needs to be paid to the order in which concepts are 
introduced.  I would expect section 2 to deal with this, but it seems some 
important ideas are not being adequately explained.

I also think there's an over-dependence in the text on abbreviations that 
are introduced in the glossary.  There are many special terms, and ordinary 
words used with special meaning, and it's not reasonable to assume that 
someone not familiar with them will absorb them on one pass through the glossary.

#g


-------------------
Graham Klyne
<GK@NineByNine.org>


------- end of forwarded message -------

-- 
Anne H. Anderson             Email: Anne.Anderson@Sun.COM
Sun Microsystems Laboratories
1 Network Drive,UBUR02-311     Tel: 781/442-0928
Burlington, MA 01803-0902 USA  Fax: 781/442-1692


