RE: [xacml] Minutes of 20 May 2004 XACML Focus Group

["Daniel Engovatov" <dengovatov@bea.com>]

>How do you propose to deal with duplicate names?

By specifying that the resource-id must be unique.  Exactly the same as
with subject id or action-id. Or any other attribute used in target,
actually. If resource-id is the same - it is the same resource.  Same
issue exists for non-hierarchical policy. 

There are many unique naming schemes, URI is one of them, and mandating
that everybody should use it is not needed.  People are already using
great many of scheme - why should we force them into yet another one?
For what benefit?

If somebody is to write a policy protecting some particular hierarchy -
policy author needs to know the actual names of resources anyway.  We
are standardizing - POLICY, not *systems* they are protecting.
Specific naming scheme does not buy you anything in terms of policy
expressiveness and interoperability.

Also - using non-reversible "matching" operations in rule targets is a
generally bad idea - it makes policy analysis more complicated.

Daniel.