OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Subject: Re: [xacml] proposal for action-id, subject-id, and required Attributes


On Tue, 3 Sep 2002, Anne Anderson wrote:

> On 3 September, Polar Humenn writes: Re: [xacml] proposal for action-id, subject-id, and required Attributes
>  > Anne, again, just requiring the Subject to have "one other" attribute,
>  > which is "typically" the "subject-id", doesn't really buy you much.
>  >
>  > I suggest that we should take a stance of being consistent across all
>  > subjects, actions, and resources. For each, either that no attributes are
>  > guarranteed to be there, or they all have at least one attribute available
>  > and we know explicitly what that attribute is.
>
> I vote for "no attributes are guaranteed to be there".  I do not
> care whether we make minOccurs=0 or 1, although I think we can
> eliminate some meaningless cases by requiring at least 1, even if
> we do not specify which one that is.


All I am saying that requiring 1 attribute without knowing what that
attribute is, doesn't make the situation any more "meaningful".

However, I don't see the sense in not being able to write a policy about a
subject, resource, and action, that is guarranteed to work on all PEP-PDP
XACML interfaces.

-Polar



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Powered by eList eXpress LLC