RE: [xacml] Groups - oasis-xacml-profile-multiple-resources-wd-03 .pdfuploaded

[Anne Anderson <Anne.Anderson@Sun.COM>]

Tim,

Thanks for the comments.  Here is how I responded to them in
Draft 04.

On 17 August, Tim Moses writes: RE: [xacml] Groups - oasis-xacml-profile-multiple-resources-wd-03	.pdf uploaded
 > In sections 3.1.3 and 3.2.3 outcomes of "Indeterminate" and "NotApplicable"
 > are not currently discussed.

I changed text to say explicitly "If any of the new request
contexts evaluates to "Deny", "Indeterminate", or
"NotApplicable", then a single <Result> containing a <Decision>
of "Deny" SHALL be placed into the response context returned to
the PEP.  This is as if the responses were being combined under a
"DenyOverrides" combining algorithm, which seems to be the only
safe single choice.

 > Trivial ...
 > 
 > 19 - Include instructions for using the Web form to submit comments (see
 > text on the front page of the core spec.).

Done.

 > 52 - unbold "authorization".  Only "decision request" is in
the glossary.

I deleted "authorization" and changed to say just "decision
request".

 > 121 and elsewhere - I prefer not to use the section title in the section
 > reference (e.g. Section 4.1:"scope").  This is because it isn't always clear
 > where the section title ends and the normal text continues.

Done.

 > 132 - Change "is the contents of the <AttributeValue>" to "SHALL be the
 > contents of the <AttributeValue> element".

Done.

 > 146 - <children> to <Children> and <descendants> to <Descendants>.  Also,
 > how about a shorter title for sections 2.1 and 2.2.  I suggest: "Nodes
 > identified by scope" and "Nodes identified by XPath"?

I took your suggestions for the shorter titles.

 > In Section 2.1, include a note to the effect that "scope" is defined in
 > Section 4.

Done.

 > 161 - Eliminate duplicate "be".

Done.

 > 168 & 170 - Change "the Individual Resources are" to "each Individual
 > Resource is".

Done.

 > 196 - Change "attribute evaluates" to "attribute is an xpath expression that
 > evaluates".

Done.

 > 223 - Correct formatting of <Resource>.

Done.

 > 224 - Change "the mechanisms" to "the other mechanisms".

Done.

 > 243 - Eliminate duplicate "a".

Done.

 > 266 - Eliminate leading space.

Done.

 > 277 - Change "containing" to "contains".

Done.

 > 277 - Eliminate "That node SHALL be the one corresponding to the new request
 > context.".  I think this is redundant.  Isn't it?

I removed the sentence, but changed the previous sentence to say
"nodeset that contains exactly that one node in the
                               ^^^^
<ResourceContent> element"

My concern was that the XPath expression might well evaluate to
only a single node, but that node might be some node other than
the one that this new Request Context is being constructed for.

 > 295 - Eliminate leading space.

Done.  Eagle eye!

 > 305 - Eliminate "That node SHALL be the one corresponding to the new request
 > context.".  I think this is redundant.  Isn't it?

Same changes as for 277.

Thanks again.

Anne
 > -----Original Message-----
 > From: Anne.Anderson@Sun.com [mailto:Anne.Anderson@Sun.com] 
 > Sent: Tuesday, August 03, 2004 1:51 PM
 > To: xacml@lists.oasis-open.org
 > Subject: [xacml] Groups - oasis-xacml-profile-multiple-resources-wd-03.pdf
 > uploaded
 > 
 > 
 > The document oasis-xacml-profile-multiple-resources-wd-03.pdf has been
 > submitted by Anne Anderson (Anne.Anderson@Sun.com) to the OASIS eXtensible
 > Access Control Markup Language TC document repository.
 > 
 > Document Description:
 > XACML Profile for Requests for Multiple Resources, Working Draft 03, 3
 > August 2004, PDF format.  Includes the following changes: "Contributors"
 > moved to "Acknowledgments" due to lack of room on front page, Bill and Simon
 > affiliation changed to GlueCode Software, added Ron Jacobson to
 > Acknowledgments, Added mechanism for requesting a single response for access
 > to an entire hierarchy, added new "scope" attribute values for the
 > XPath-expression mechanism and for the "entire hierarchy" mechanism, and
 > editorial changes for greater clarity.
 > 
 > Download Document:  
 > http://www.oasis-open.org/apps/org/workgroup/xacml/download.php/8433/oasis-x
 > acml-profile-multiple-resources-wd-03.pdf
 > 
 > View Document Details:
 > http://www.oasis-open.org/apps/org/workgroup/xacml/document.php?document_id=
 > 8433
 > 
 > 
 > PLEASE NOTE:  If the above links do not work for you, your email application
 > may be breaking the link into two pieces.  You may be able to copy and paste
 > the entire link address into the address field of your web browser.
 > 
 > 
 > 
 > To unsubscribe from this mailing list (and be removed from the roster of the
 > OASIS TC), go to
 > http://www.oasis-open.org/apps/org/workgroup/xacml/members/leave_workgroup.p
 > hp.
 > 
 > To unsubscribe from this mailing list (and be removed from the roster of the OASIS TC), go to http://www.oasis-open.org/apps/org/workgroup/xacml/members/leave_workgroup.php.
 > 

-- 
Anne H. Anderson             Email: Anne.Anderson@Sun.COM
Sun Microsystems Laboratories
1 Network Drive,UBUR02-311     Tel: 781/442-0928
Burlington, MA 01803-0902 USA  Fax: 781/442-1692