OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Re: [xacml] a couple paramaters questions


On Wed, 25 Aug 2004, Seth Proctor wrote:

> In the current draft (13), I see that both PolicySet and Policy let you
> specify CombinerParameters, but in both cases it's inside the choice
> that allows any number of parameters. Since CombinerParameters is
> already a container for any number of parameters, why do we need to
> allow more than one per Policy[Set]? I can't figure out what value this
> adds.

It's funny that the guys who like less structure, always want more
structure constraints. (I could make a political oriented joke here, but).

The value is that you may define each set of parameters along with the
rule (or policy) next to each other.  It has its advantages in generating
policies from tools.

> Unless I'm missing something, I'd like to see only one optional
> CombinerParameters per Policy[Set], which not only simplifies the
> schema, but also the spec, since we currently explain in a number of
> places that having multiple CP elements just results in them being
> concatenated together. If we only allowed one block, then we could
> remove all the extra text.

So, why the restriction? Does it make it [the XML] look neater?

> A related question has to do with parameters for specific
> Rules/Policies/PolicySets. We don't have different CombinerParameters
> types for policy and rule combining algorithms, but we do have
> different ones for policyset, policy, and rule. Why is this?

Those combining parameters, since you brought it up, I suspect that the
specification may be actually deficient in this regard, refer to
particular rules, policies, policy sets. And that reason is because they
refer to rule-id, policy-id, and policy-set-id respectively. Since there
is no convention on the structure of those id's there, needs to be a
construct to distinguish them.

> The three all behave the same way and have the same contents. The only
> rationale I can think of is that this allows a Policy and a PolicySet to
> have the same identifier, but we already handle this case, in fact we're
> explicit about this in the text explaining how parameters for references
> are handled.

How so? We have PolicyRef and PolicySetRef for the same exact reason.

> Can someone help explain this to me? I'd like to use just one type, but
> I suspect there must be a reason for this naming choice...

I hope that helps. !

Cheers,
-Polar

>
> Thanks!
>
>
> seth
>
>
> To unsubscribe from this mailing list (and be removed from the roster of the OASIS TC), go to http://www.oasis-open.org/apps/org/workgroup/xacml/members/leave_workgroup.php.
>


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]