[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: My take on WI's 37-40
37. Multiple <AttributeValue> elements for single <Attribute> in Request Allow <Attribute ID=X> <AttributeValue>A</AttributeValue> <AttributeValue>B</AttributeValue> <AttributeValue>C</AttributeValue> </Attribute> as shorthand for <Attribute ID=X> <AttributeValue>A</AttributeValue> </Attribute> <Attribute ID=X> <AttributeValue>A</AttributeValue> </Attribute> <Attribute ID=X> <AttributeValue>A</AttributeValue> </Attribute> TYPE: Simplicity of Request construction STATUS: Needs proposal. Related: #1. PROPOSAL: CHAMPION: Frank Siebenlist F2F: ? [Hal] Ok, I am confused. I thought these were multi-value. The designators and selectors all return bags. Let's talk about it at the F2F. 38. Policies for the Administration of XACML Policies XACML defines a language to express policies about access to resources. But it is also desirable to create policies about the creation, modification and deletion of XACML policies. In a sense XACML already allows this, since XACML policies are agnostic to the semantics of the resources being protected. However, it is very desirable for administrative policies to specify not the "name" of policies being administered, but their "content." TYPE: New functionality STATUS: Open issues. PROPOSAL: http://lists.oasis-open.org/archives/xacml/200308/msg00050.html CHAMPION: Hal Lockhart F2F: ? [Hal] Polar suggested we simply specify the allowed Targets. It seems to me this would work, but I am less sure it would meet all reasonable requirements. Would like to discuss at F2F. 39. Make Status in the XACML Response optional Makes it possible to allow Status for Indeterminate situations to be conveyed in the protocol envelope (such as SAML DecisionStatement) rather than in the XACML Response for cases where that is more appropriate. Avoids having redundant and possibly inconsistent Status fields when XACML Response is carried in some envelope that also has a Status. TYPE: New functionality STATUS: Needs proposal. PROPOSAL: CHAMPION: Hal Lockhart F2F: No (resolve by e-mail) [Hal] I agree. All it needs is minOccurs="0" and a little text. 40. Define a SAML PolicyQuery and PolicyStatement Define syntax for SAML that will allow a Query for one or more Policy or PolicySet instances with specified Policy[Set]Ids, and will return the requested instances in a PolicyStatement in a SAML Assertion. TYPE: New functionality. STATUS: Needs proposal. PROPOSAL: CHAMPION: Hal Lockhart F2F: No (not tied to XACML 2.0) [Hal] I think we need to discuss if we want the generic policy layer. Hal
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]