[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: RE: [xacml] AA04: 5.1 PolicySetId explanation clarification
This is fine with me. -Anne On 11 October, Tim Moses writes: RE: [xacml] AA04: 5.1 PolicySetId explanation clarification > From: Tim Moses <tim.moses@entrust.com> > To: "'Anne.Anderson@Sun.com'" <Anne.Anderson@sun.com>, > XACML TC > <xacml@lists.oasis-open.org> > Subject: RE: [xacml] AA04: 5.1 PolicySetId explanation clarification > Date: Fri, 11 Oct 2002 16:06:50 -0400 > > Anne - I was definitely uncomfortable with the original wording. But, even > your improvement leaves unnecessary room for misunderstanding. Why not > clearly state that it is the PAP's responsibility to ensure that no two > policies visible to a PDP have the same identifier? So, instead of > "minimize the potential", why not say "eliminate the possibility"? > > In practice, PDPs SHALL only accept policies from PAPs that agree to conform > to a disjoint identifier assignment scheme and PAPs MUST adhere to their > declared scheme. Yes/No? > > All the best. Tim. > > -----Original Message----- > From: Anne Anderson [mailto:Anne.Anderson@Sun.com] > Sent: Friday, October 11, 2002 3:57 PM > To: XACML TC > Subject: [xacml] AA04: 5.1 PolicySetId explanation clarification > > > Text location: Section 5.1 (PolicySet), explanation of > PolicySetId (p. 44, lines 1845-1848 in my copy of 18c) > > Text change: Change "The party assigning the identifier MUST > minimize the potential of some other party reusing the same > identifier." to "The party assigning the identifier MUST > minimize the potential of some other party re-using the same > identifier within the scope of the PDPs that may use or reference > that identifier." > > Rationale: "How unique does it have to be, Anne?" "As unique as > necessary, Joe." > -- > Anne H. Anderson Email: Anne.Anderson@Sun.COM > Sun Microsystems Laboratories > 1 Network Drive,UBUR02-311 Tel: 781/442-0928 > Burlington, MA 01803-0902 USA Fax: 781/442-1692 > > > ---------------------------------------------------------------- > To subscribe or unsubscribe from this elist use the subscription > manager: <http://lists.oasis-open.org/ob/adm.pl> > <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN"> > <HTML> > <HEAD> > <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=US-ASCII"> > <META NAME="Generator" CONTENT="MS Exchange Server version 5.5.2653.12"> > <TITLE>RE: [xacml] AA04: 5.1 PolicySetId explanation clarification</TITLE> > </HEAD> > <BODY> > > <P><FONT SIZE=2>Anne - I was definitely uncomfortable with the original wording. But, even your improvement leaves unnecessary room for misunderstanding. Why not clearly state that it is the PAP's responsibility to ensure that no two policies visible to a PDP have the same identifier? So, instead of "minimize the potential", why not say "eliminate the possibility"?</FONT></P> > > <P><FONT SIZE=2>In practice, PDPs SHALL only accept policies from PAPs that agree to conform to a disjoint identifier assignment scheme and PAPs MUST adhere to their declared scheme. Yes/No?</FONT></P> > > <P><FONT SIZE=2>All the best. Tim.</FONT> > </P> > > <P><FONT SIZE=2>-----Original Message-----</FONT> > <BR><FONT SIZE=2>From: Anne Anderson [<A HREF="mailto:Anne.Anderson@Sun.com";>mailto:Anne.Anderson@Sun.com</A>]</FONT> > <BR><FONT SIZE=2>Sent: Friday, October 11, 2002 3:57 PM</FONT> > <BR><FONT SIZE=2>To: XACML TC</FONT> > <BR><FONT SIZE=2>Subject: [xacml] AA04: 5.1 PolicySetId explanation clarification</FONT> > </P> > <BR> > > <P><FONT SIZE=2>Text location: Section 5.1 (PolicySet), explanation of</FONT> > <BR><FONT SIZE=2>PolicySetId (p. 44, lines 1845-1848 in my copy of 18c)</FONT> > </P> > > <P><FONT SIZE=2>Text change: Change "The party assigning the identifier MUST</FONT> > <BR><FONT SIZE=2>minimize the potential of some other party reusing the same</FONT> > <BR><FONT SIZE=2>identifier." to "The party assigning the identifier MUST</FONT> > <BR><FONT SIZE=2>minimize the potential of some other party re-using the same</FONT> > <BR><FONT SIZE=2>identifier within the scope of the PDPs that may use or reference</FONT> > <BR><FONT SIZE=2>that identifier."</FONT> > </P> > > <P><FONT SIZE=2>Rationale: "How unique does it have to be, Anne?" "As unique as</FONT> > <BR><FONT SIZE=2>necessary, Joe."</FONT> > <BR><FONT SIZE=2>-- </FONT> > <BR><FONT SIZE=2>Anne H. Anderson Email: Anne.Anderson@Sun.COM</FONT> > <BR><FONT SIZE=2>Sun Microsystems Laboratories</FONT> > <BR><FONT SIZE=2>1 Network Drive,UBUR02-311 Tel: 781/442-0928</FONT> > <BR><FONT SIZE=2>Burlington, MA 01803-0902 USA Fax: 781/442-1692</FONT> > </P> > <BR> > > <P><FONT SIZE=2>----------------------------------------------------------------</FONT> > <BR><FONT SIZE=2>To subscribe or unsubscribe from this elist use the subscription</FONT> > <BR><FONT SIZE=2>manager: <<A HREF="http://lists.oasis-open.org/ob/adm.pl"; TARGET="_blank">http://lists.oasis-open.org/ob/adm.pl</A>></FONT> > </P> > > </BODY> > </HTML> -- Anne H. Anderson Email: Anne.Anderson@Sun.COM Sun Microsystems Laboratories 1 Network Drive,UBUR02-311 Tel: 781/442-0928 Burlington, MA 01803-0902 USA Fax: 781/442-1692
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC