[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [xacml] condition reference text (item 7)
Colleagues - So, shall I proceed with the approach: retain <Condition> and
define it to contain a single <Expression> element? Is this agreed? All
the best. Tim.
-----Original Message-----
From: Polar Humenn [mailto:polar@syr.edu]
Sent: Monday, March 15, 2004 10:51 AM
To: Anne Anderson
Cc: Tim Moses; 'xacml@lists.oasis-open.org'
Subject: RE: [xacml] condition reference text (item 7)
The orginal problem here, was that Condition extended ApplyType, which I
thought was a bad idea, as it simulcast a Condition as a function, rather
than contain it.
If a Condition was an element containing an expression, then it wouldn't be
a problem.
However, since we are not really maintaining backward compatibility, for the
reasons Tim and Anne state about "talking about" the condition of a rule, I
can see that the proposal can handle something of the form.
<Condition>
<Apply FunctionId="string-equal">
.....
</Apply>
</Condition>
Or
<Condition>
<VariableRef VariableId="x"/>
</Condition>
or even
<Condition>
<AttributeValue Datatype="boolean>True</AttributeValue>
</Condition>
as long as the content is a boolean typed expression.
Admittedly, this approach adds 23 characters to each rule, but what the hey,
they only weigh 0.0003421 nanonewtons.
Is that an acceptable compromise?
Cheers,
-Polar
On Fri, 12 Mar 2004, Anne Anderson wrote:
> On 12 March, Tim Moses writes: RE: [xacml] condition reference text
> (item 7) > Colleagues - I have just realized how much work this is
> going to be. In > addition to the specific changes described by
> Simon, all the examples are > affected and the introductory material,
> including the class diagram are > affected. This is going to take
> some time. > > I would like to see formal acceptance of the proposal
> as soon as possible, > because backtracking doesn't look like an
> appealing option. >
> > Personally, I lament the passing of <Condition>. The part of <Rule>
that
> > complements <Target> is a significant independent concept that deserves
its
> > own name. Anyone who has to explain XACML will have to refer to it.
With
> > the passing of <Condition>, they'll have to talk about "the child
> > <Expression> element of the <Rule> element" or some such. Global
replace
> > may work for the editor, but it is not a very attractive prospect for
the
> > reader.
> >
> > Does anyone else feel that this idea needs a name of its own?
>
> Yes, I do. The type of the Condition element can be shared with the
> other expressions, but giving the element that contains the set of
> predicates for a Rule its own name is a minor addition with major
> readability benefits.
>
> The counter argument might be that people won't read XACML policies,
> and the tools that generate them don't care what the name is. As
> someone who frequently presents and explains XACML to customers and
> partners, I can attest that being able to present readable, short
> examples is essential to obtaining broader acceptance for XACML. We
> will not have many tools until enough human readers have decided XACML
> is a good language.
>
> Anne
>
> > All the best. Tim.
> >
> > -----Original Message-----
> > From: Tim Moses [mailto:tim.moses@entrust.com]
> > Sent: Thursday, March 11, 2004 9:16 AM
> > To: 'Simon Godik'; 'xacml@lists.oasis-open.org'
> > Subject: RE: [xacml] condition reference text (item 7)
> >
> >
> > Simon - Thanks. I'll incorporate into, and issue, a Draft 07, on
> the > assumption that, if and when there is a vote on this subject,
> the vote will > be to accept. If not, we can always backtrack. All
> the best. Tim. > > -----Original Message-----
> > From: Simon Godik [mailto:simon.godik@overxeer.com]
> > Sent: Wednesday, March 10, 2004 11:10 PM
> > To: xacml@lists.oasis-open.org
> > Subject: [xacml] condition reference text (item 7)
> >
> >
> > Hi Tim,
> > Here is condition reference text and schema. Text is adopted (with some
> > additions) from Polar's email
> >
> > Simon
> >
> > <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
> > <HTML><HEAD>
> > <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=US-ASCII">
> > <TITLE>Message</TITLE>
> >
> > <META content="MSHTML 6.00.2737.800" name=GENERATOR>
> > <STYLE></STYLE>
> > </HEAD>
> > <BODY bgColor=#ffffff>
> > <DIV><SPAN class=294413914-12032004><FONT face=Arial color=#0000ff
> > size=2>Colleagues - I have just realized how much work this is going to
> > be. In addition to the specific changes described by Simon, all
the
> > examples are affected and the introductory material, including the
class diagram
> > are affected. This is going to take some
time.</FONT></SPAN></DIV>
> > <DIV><SPAN class=294413914-12032004><FONT face=Arial color=#0000ff
> > size=2></FONT></SPAN> </DIV>
> > <DIV><SPAN class=294413914-12032004><FONT face=Arial color=#0000ff
size=2>I
> > would like to see formal acceptance of the proposal as soon as
possible, because
> > backtracking doesn't look like an appealing option.</FONT></SPAN></DIV>
> > <DIV><SPAN class=294413914-12032004><FONT face=Arial color=#0000ff
> > size=2></FONT></SPAN> </DIV>
> > <DIV><SPAN class=294413914-12032004><FONT face=Arial color=#0000ff
> > size=2>Personally, I lament the passing of <Condition>. The
part of
> > <Rule> that complements <Target> is a significant
independent
> > concept that deserves its own name. Anyone who has to explain
XACML will
> > have to refer to it. With the passing of <Condition>,
they'll have
> > to talk about "the child <Expression> element of
> > the <Rule> element" or some such. Global replace may
work for
> > the editor, but it is not a very attractive prospect for the
> > reader.</FONT></SPAN></DIV>
> > <DIV><SPAN class=294413914-12032004><FONT face=Arial color=#0000ff
> > size=2></FONT></SPAN> </DIV>
> > <DIV><SPAN class=294413914-12032004><FONT face=Arial color=#0000ff
size=2>Does
> > anyone else feel that this idea needs a name of its
own?</FONT></SPAN></DIV>
> > <DIV><SPAN class=294413914-12032004><FONT face=Arial color=#0000ff
> > size=2></FONT></SPAN> </DIV>
> > <DIV><SPAN class=294413914-12032004><FONT face=Arial color=#0000ff
size=2>All
> > the best. Tim.</FONT></SPAN></DIV>
> > <BLOCKQUOTE dir=ltr style="MARGIN-RIGHT: 0px">
> > <DIV></DIV>
> > <DIV class=OutlookMessageHeader lang=en-us dir=ltr align=left><FONT
> > face=Tahoma size=2>-----Original Message-----<BR><B>From:</B> Tim
Moses
> > [mailto:tim.moses@entrust.com] <BR><B>Sent:</B> Thursday, March 11,
2004 9:16
> > AM<BR><B>To:</B> 'Simon Godik';
> > 'xacml@lists.oasis-open.org'<BR><B>Subject:</B> RE: [xacml] condition
> > reference text (item 7)<BR><BR></FONT></DIV>
> > <DIV><SPAN class=282001414-11032004><FONT face=Arial color=#0000ff
> > size=2>Simon - Thanks. I'll incorporate into, and issue, a
Draft 07, on
> > the assumption that, if and when there is a vote on this subject, the
vote
> > will be to accept. If not, we can always backtrack. All
the
> > best. Tim.</FONT></SPAN></DIV>
> > <BLOCKQUOTE dir=ltr style="MARGIN-RIGHT: 0px">
> > <DIV></DIV>
> > <DIV class=OutlookMessageHeader lang=en-us dir=ltr align=left><FONT
> > face=Tahoma size=2>-----Original Message-----<BR><B>From:</B> Simon
Godik
> > [mailto:simon.godik@overxeer.com] <BR><B>Sent:</B> Wednesday, March
10, 2004
> > 11:10 PM<BR><B>To:</B>
xacml@lists.oasis-open.org<BR><B>Subject:</B> [xacml]
> > condition reference text (item 7)<BR><BR></FONT></DIV>
> > <DIV><FONT face=Arial size=2>Hi Tim,</FONT></DIV>
> > <DIV><FONT face=Arial size=2>Here is condition reference text and
schema.
> > Text is adopted (with some additions) from Polar's
email</FONT></DIV>
> > <DIV><FONT face=Arial size=2></FONT> </DIV>
> > <DIV><FONT face=Arial
> > size=2>Simon</FONT></DIV></BLOCKQUOTE></BLOCKQUOTE></BODY></HTML>
>
> --
> Anne H. Anderson Email: Anne.Anderson@Sun.COM
> Sun Microsystems Laboratories
> 1 Network Drive,UBUR02-311 Tel: 781/442-0928
> Burlington, MA 01803-0902 USA Fax: 781/442-1692
>
>
> To unsubscribe from this mailing list (and be removed from the roster
> of the OASIS TC), go to
> http://www.oasis-open.org/apps/org/workgroup/xacml/members/leave_workg
> roup.php.
>
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]