OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: My take on WI's 37-40

37. Multiple <AttributeValue> elements for single <Attribute> in Request

   Allow
      <Attribute ID=X>
        <AttributeValue>A</AttributeValue>
        <AttributeValue>B</AttributeValue>
        <AttributeValue>C</AttributeValue>
      </Attribute>
   as shorthand for
      <Attribute ID=X>
        <AttributeValue>A</AttributeValue>
      </Attribute>
      <Attribute ID=X>
        <AttributeValue>A</AttributeValue>
      </Attribute>
      <Attribute ID=X>
        <AttributeValue>A</AttributeValue>
      </Attribute>

   TYPE: Simplicity of Request construction
   STATUS: Needs proposal.  Related: #1.
   PROPOSAL:
   CHAMPION: Frank Siebenlist
   F2F: ?

[Hal] Ok, I am confused. I thought these were multi-value. The designators
and selectors all return bags. Let's talk about it at the F2F.

38. Policies for the Administration of XACML Policies

   XACML defines a language to express policies about access to
   resources. But it is also desirable to create policies about
   the creation, modification and deletion of XACML policies. In
   a sense XACML already allows this, since XACML policies are
   agnostic to the semantics of the resources being
   protected. However, it is very desirable for administrative
   policies to specify not the "name" of policies being
   administered, but their "content."

   TYPE: New functionality
   STATUS: Open issues.
   PROPOSAL:
    http://lists.oasis-open.org/archives/xacml/200308/msg00050.html
   CHAMPION: Hal Lockhart
   F2F: ?

[Hal] Polar suggested we simply specify the allowed Targets. It seems to me
this would work, but I am less sure it would meet all reasonable
requirements. Would like to discuss at F2F.

39. Make Status in the XACML Response optional

   Makes it possible to allow Status for Indeterminate situations
   to be conveyed in the protocol envelope (such as SAML
   DecisionStatement) rather than in the XACML Response for cases
   where that is more appropriate.  Avoids having redundant and
   possibly inconsistent Status fields when XACML Response is
   carried in some envelope that also has a Status.

   TYPE: New functionality
   STATUS: Needs proposal.
   PROPOSAL:
   CHAMPION: Hal Lockhart
   F2F: No (resolve by e-mail)

[Hal] I agree. All it needs is minOccurs="0" and a little text.

40. Define a SAML PolicyQuery and PolicyStatement

   Define syntax for SAML that will allow a Query for one or more
   Policy or PolicySet instances with specified Policy[Set]Ids,
   and will return the requested instances in a PolicyStatement
   in a SAML Assertion.

   TYPE: New functionality.
   STATUS: Needs proposal.
   PROPOSAL:
   CHAMPION: Hal Lockhart
   F2F: No (not tied to XACML 2.0)

[Hal] I think we need to discuss if we want the generic policy layer.

Hal

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]