

Subject: [xacml] Proposed changes to Appendix B. XACML identifiers


Here are changes I see required from a close reading of Appendix
B.

Assume "urn:oasis:names:tc:xacml:1.0:" is the prefix on all
identifiers discussed below.

Section B.2 Authentication locality

   These two identifiers, "authn-locality:ip-address" and
   "authn-locality:dns-name", should be moved under "Subject
   Attributes".  For consistency, they should be renamed
   "subject:authn-locality:ip-address" and
   "subject:authn-locality:dns-name".  If we had standard
   DataTypes for ip-address and dns-name, they could be one
   Attribute Identifier, with distinguished DataTypes, but I
   think it is too late to define new DataTypes (and the
   associated -equal and -match functions) now.  This will work.

Section B.3 Access subject categories

   These should also be moved under "Subject Attributes" as
   values for the "subject:subject-category" Attribute.

Section B.5 Data types

   - Rename "datatype:x500name" to "datatype:x500Name"
   - Rename "datatype:rfc822name" to "datatype:rfc822Name"
   - Remove "datatype:ufs-path".  This is a resource attribute,
     not a datatype.
   - Remove "datatype:numeric"
   - Remove "http://www.w3.org/2001/XMLSchema:Gregorian"
   - Add the other mandatory-to-implement primitive datatypes:
     xs:string
     xs:boolean
     xs:integer
     xs:decimal
     xs:date
     xs:dateTime
     xs:anyURI
     xs:hexBinary
     xs:base64Binary
     xf:dateTimeDuration
     xf:yearMonthDuration

Section B.7 Subject attributes

   - The last line says "Add the LDAP attributes".  Who is
     responsible for this?

Section B.8 Resource attributes

   - "resource:resource-uri" should be changed to
     "resource:resource-id"
   - Add "resource:ufs-path"

New Section after B.8: Action attributes

   - Add "action:action-id"
   - Add "action:action-namespace"

Section B.12 Actions used in examples

   - Add "example:action:read"
   - Define "example:action:xml-ac" (Michiharu?)
-- 
Anne H. Anderson             Email: Anne.Anderson@Sun.COM
Sun Microsystems Laboratories
1 Network Drive,UBUR02-311     Tel: 781/442-0928
Burlington, MA 01803-0902 USA  Fax: 781/442-1692


