[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: Re: [xacml] [CR] Subsections in Section 7
Hi, Anne I have no strong opinion on the order of subsections but we need to assume some model behind this section, e.g. the model in figure 1, hierarchical structure of core XACML schema, significance of topics etc. More concrete speaking, Section 7.1 seems to include three different topics: 1. the semantics of the permit, deny, indeterminate, and not applicable, 2.missing-attribute use case, and 3. how top-level XACML policy should be configured. I think that they should be placed in separate subsection. The first topic can be replaced by the sentence proposed by Polar (Use Profile for XACML Request). The second topic should be put in the place how the authorization decision should be made. I have no idea where the third topic is placed. Does it make sense? Michiharu IBM Tokyo Research Laboratory, Internet Technology Tel. +81 (46) 215-4642 Fax +81 (46) 273-7428 Anne Anderson <Anne.Anderson@Su To: XACML TC <xacml@lists.oasis-open.org> n.com> cc: Subject: Re: [xacml] [CR] Subsections in Section 7 2002/10/10 02:01 Please respond to Anne.Anderson On 9 October, Michiharu Kudoh writes: [xacml] [CR] Subsections in Section 7 > I think the order of subsections in Section 7 (Functional Requirements > (normative)) should be changed. Section 7.6 Policy Set evaluation and > Section 7.5 Policy evaluation should be followed by missing attributes > (Section 7.1) and LDAP attributes (Section 7.3) in terms of importance. > More appropriate order would be: > > 7.1 Policy Set evaluation > 7.2 Policy evaluation > 7.3 Rule evaluation I suggest putting missing attributes, then LDAP attributes, then hierarchical resources after "Rule evaluation". These all come up during Rule evaluation. Obligations applies at the Policy evaluation level, but only comes up after rules have been evaluated, so I think it belongs at the end. Anne -- Anne H. Anderson Email: Anne.Anderson@Sun.COM Sun Microsystems Laboratories 1 Network Drive,UBUR02-311 Tel: 781/442-0928 Burlington, MA 01803-0902 USA Fax: 781/442-1692 ---------------------------------------------------------------- To subscribe or unsubscribe from this elist use the subscription manager: <http://lists.oasis-open.org/ob/adm.pl>
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC