Subject: RE: [xacml] XACML Profile for Role Based Access Control (RBAC)
Sorry Anne, there is no longer such a thing as a Committee Specification at OASIS. What we approved is a Committee Draft. I imagine we can wait until you return from vacation to get this fixed, but I ask others not to circulate this version until we get the header fixed.

Hal

> -----Original Message-----
> From: Anne Anderson [mailto:Anne.Anderson@Sun.COM]
> Sent: Friday, February 13, 2004 9:43 AM
> To: XACML TC
> Cc: Anne.Anderson@Sun.COM
> Subject: [xacml] XACML Profile for Role Based Access Control (RBAC)
>
>
> Colleagues,
>
> I have re-formatted the RBAC profile as a Committee
> Specification, and this new version is attached as a PDF file. I
> have cleaned up lots of formatting, spelling, grammar,
> etc. errors that were in the working draft.
>
> Three notes, the first of which concerns a change that perhaps
> exceeds the bounds of editorial discretion:
>
> 1) Section 1.5 Multi-Role Permissions
>
> Previously, this non-normative section said:
>
> "The permissions associated with a given Multi-Role
> <PolicySet>, however, may be inherited only by other
> multi-role policies that require a superset of the roles
> required by the given multi-role policy. This is because
> the <Target> of the Role <PermissionSet> associated with the
> multi-role policy will screen out any Subject that does not
> possess at least the set of roles required by the given
> multi-role policy."
>
> During my close edit reading, I realized that this statement
> is incorrect and also conflicts with the rest of the document;
> it assumed that the other role would include the multi-role
> Role <PolicySet>, which include the role-restricting Target,
> rather than the multi-role Permission <PolicySet>, which
> contains an "any" Target. Elsewhere, the text is very clear
> that to include the permissions of another role, you include
> that role's Permission <PolicySet>, not that role's Role
> <PolicySet>.
>
> I have reworded this to say:
>
> "The permissions associated with a given multi-role <PolicySet>
> may also be inherited by another role if the other role
> includes a reference to the Permission <PolicySet> associated
> with the multi-role policy in its own Permission <PolicySet>."
>
> If anyone objects to this change, please say so.
>
> 2) The line numbers in the examples use a different line number
> sequence from the line numbers in the rest of the text. This
> seems to be a "feature" of StarOffice, so I hope you can live
> with it. The line numbers in the examples end in a ".",
> whereas the line numbers in the text do not, so it is possible
> to specify the series of numbers to which you are referring.
>
> 3) The document's title page says its location is
> "http://docs/oasis-open.org/xacml/cs-xacml-rbac-profile-01.pdf".
> The document is not located there now (since this edit has not
> been approved yet), but will be uploaded into the location by
> the OASIS webmaster once I give her the version to use. This
> makes use of a little-known OASIS manual mechanism for
> reserving a URL for use by a committee specification or
> standard rather than using the Kavi repository, which assigns
> the URL only as it is being uploaded.
>
> I will wait a decision from the chairs as to when this version
> should be uploaded as the accepted Committee Specification.
>
> Anne
> --
> Anne H. Anderson Email: Anne.Anderson@Sun.COM
> Sun Microsystems Laboratories
> 1 Network Drive,UBUR02-311 Tel: 781/442-0928
> Burlington, MA 01803-0902 USA Fax: 781/442-1692
>
>
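
The inheritance behaviour discussed in note 1 of the quoted message, as an added example that is not part of the original thread or of the RBAC profile itself. It is a simplified Python model rather than an XACML evaluation engine, and the role and action names are hypothetical.

```python
from dataclasses import dataclass, field

@dataclass
class PermissionPolicySet:
    """Permission <PolicySet>: "any" Target, so it never screens by role."""
    permissions: set
    refs: list = field(default_factory=list)  # referenced Permission <PolicySet>s

    def permits(self, action):
        return action in self.permissions or any(r.permits(action) for r in self.refs)

@dataclass
class RolePolicySet:
    """Role <PolicySet>: Target matches only subjects holding all required roles."""
    required_roles: frozenset
    permission_set: PermissionPolicySet

    def permits(self, subject_roles, action):
        if not self.required_roles <= set(subject_roles):
            return False  # Target does not match, so this policy set is not applicable
        return self.permission_set.permits(action)

def evaluate(role_policy_sets, subject_roles, action):
    """Permit if any applicable Role <PolicySet> grants the action."""
    return any(rps.permits(subject_roles, action) for rps in role_policy_sets)

# Constructed sample policies (hypothetical role and action names).
pps_multi = PermissionPolicySet({"approve-payment"})
rps_multi = RolePolicySet(frozenset({"manager", "auditor"}), pps_multi)

# "director" inherits by referencing the multi-role Permission <PolicySet>.
pps_director = PermissionPolicySet({"sign-contract"}, refs=[pps_multi])
rps_director = RolePolicySet(frozenset({"director"}), pps_director)

POLICIES = [rps_multi, rps_director]

def demo():
    return {
        "manager_only": evaluate(POLICIES, {"manager"}, "approve-payment"),
        "manager_and_auditor": evaluate(POLICIES, {"manager", "auditor"}, "approve-payment"),
        "director": evaluate(POLICIES, {"director"}, "approve-payment"),
        # Going through the multi-role Role <PolicySet> instead: its Target
        # screens out a subject that lacks the required roles.
        "director_via_role_policyset": rps_multi.permits({"director"}, "approve-payment"),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

When reviewing such policies, every reference to a multi-role Permission <PolicySet> is a grant of its permissions to the referencing role, regardless of the multi-role Target.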