OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Subject: Re: [xacml] [CR] Subsections in Section 7



Hi, Anne

I have no strong opinion on the order of subsections but we need to assume
some model behind this section, e.g. the model in figure 1, hierarchical
structure of core XACML schema, significance of topics etc.

More concrete speaking, Section 7.1 seems to include three different
topics: 1. the semantics of the permit, deny, indeterminate, and not
applicable, 2.missing-attribute use case, and 3. how top-level XACML policy
should be configured. I think that they should be placed in separate
subsection. The first topic can be replaced by the sentence proposed by
Polar (Use Profile for XACML Request). The second topic should be put in
the place how the authorization decision should be made. I have no idea
where the third topic is placed. Does it make sense?

Michiharu

IBM Tokyo Research Laboratory, Internet Technology
Tel. +81 (46) 215-4642   Fax +81 (46) 273-7428




                                                                                                                                       
                      Anne Anderson                                                                                                    
                      <Anne.Anderson@Su        To:       XACML TC <xacml@lists.oasis-open.org>                                         
                      n.com>                   cc:                                                                                     
                                               Subject:  Re: [xacml] [CR] Subsections in Section 7                                     
                      2002/10/10 02:01                                                                                                 
                      Please respond to                                                                                                
                      Anne.Anderson                                                                                                    
                                                                                                                                       
                                                                                                                                       



On 9 October, Michiharu Kudoh writes: [xacml] [CR] Subsections in Section 7
 > I think the order of subsections in Section 7 (Functional Requirements
 > (normative)) should be changed. Section 7.6 Policy Set evaluation and
 > Section 7.5 Policy evaluation should be followed by missing attributes
 > (Section 7.1) and LDAP attributes (Section 7.3) in terms of importance.
 > More appropriate order would be:
 >
 > 7.1 Policy Set evaluation
 > 7.2 Policy evaluation
 > 7.3 Rule evaluation

I suggest putting missing attributes, then LDAP attributes, then
hierarchical resources after "Rule evaluation".  These all come
up during Rule evaluation.  Obligations applies at the Policy
evaluation level, but only comes up after rules have been
evaluated, so I think it belongs at the end.

Anne
--
Anne H. Anderson             Email: Anne.Anderson@Sun.COM
Sun Microsystems Laboratories
1 Network Drive,UBUR02-311     Tel: 781/442-0928
Burlington, MA 01803-0902 USA  Fax: 781/442-1692


----------------------------------------------------------------
To subscribe or unsubscribe from this elist use the subscription
manager: <http://lists.oasis-open.org/ob/adm.pl>







[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Powered by eList eXpress LLC