[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [xacml-dev] XACML 2
Diego M. Gonzalez wrote: > Seems the scenario you are proposing about references between versions > is covered with the elements that extends IdReferenceType > (PolicySetIdReference and PolicyIdReference) now the references must add > some information about versioning: Version, EarliestVersion and > LatestVersion. The section 5.21 defines the matching behavior. Actually that's a little different. The new feature in 2.0 is about revision numbers on policies, not which version of XACML is acceptable (which is what I raised). The new version feature has two components: it lets me put a version number in a Policy or PolicySet (eg, this is version 2.3.7 of this policy) and then lets me put a required version or range of versions in a reference (so, for instance, I can reference any versions of the policy later than 2.3). If more than one version is available, you're supposed to use the latest version available. Note that these are optional attributes, so you can ignore them in your policies and references, and you get the same behavior as in 1.x. I suggested this feature for 2.0, so if you don't like it complaints go to me :) The original issue I raised had to do with the version of XACML a policy uses. So for instance, let's say we have an XACML 2.0 policy with a reference to an XACML 1.1 policy. How should we handle this? My instinct is to allow the engine to process the 2.0 policy using the 2.0 spec, but process the referenced policy using the 1.1 spec, since the result that comes back means the same in 1.1 and 2.0. I suspect, however, that I'll discover some corner cases when I actually try doing this. Dunno. We'll see... seth
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]