Subject: Re: [xacml] Groups - Changes Since XACML 1.0(xacml_1.x_2.0_diffs_draft.doc) uploaded
More comments. This is what Bill gets for following our advice and creating an early draft of the changes at our insistence "because it is relatively stable now" :-) Hah, hah. He should know better by now. But thanks anyway, Bill. This is a good starting point.

1. Digital Signature: since this was written, we pretty much stripped the DSig Profile down to be a pointer to SAML's use of DSig, although we did include some specific information about making XACML document instances canonical enough for signing. So I recommend rewording as follows:

   This Profile describes the use of the W3C XML-Signature Syntax and Processing Standard to provide authentication and integrity protection for XACML schema instances. Rather than introduce new elements or features to XACML, this Profile recommends use of the OASIS Security Assertion Markup Language and its use of XML Digital Signatures. In addition, this profile provides guidance on the canonicalization of XACML schema instances.

2. As mentioned before, remove the LDAP profile section, as there is no standard LDAP profile.

3. Privacy and RBAC: in both of these, XACML does not exactly "introduce" the various new terms, since those are picked up from other standards or regulations. Perhaps: describes the use of XACML in the context of the "custodian" and "owner" concepts (for privacy), and ...describes the use of XACML with the concepts of junior role, multi-role permissions, RBAC, role, and senior role (for RBAC).

4. SAML Integration: "XACMLAuthorizationDecisionQuery" and "XACMLAuthorizationDecisionStatement" were changed to "XACMLAuthzDecisionQuery" and "XACMLAuthzDecisionStatement" to fit SAML conventions.

5. I would include <VariableDefinition> along with <VariableReference>, since they go together.

6. Functions: there is no "url-subtree-match" function.

7. Datatypes: there is no "xpath-expression" datatype.

Anne

bill@parducci.net wrote:
> This document slipped through the cracks when we were wrapping up XACML
> 2.0. Bill sent me a copy, which I have entered into the repository. I
> will post a link to it on our TC web page. I hope we can all review it and
> have a vote on it at an upcoming TC meeting.
>
> -- Mr. Bill Parducci*
>
> The document named Changes Since XACML 1.0 (xacml_1.x_2.0_diffs_draft.doc)
> has been submitted by Mr. Bill Parducci* to the OASIS eXtensible Access
> Control Markup Language (XACML) TC document repository.
>
> Document Description:
> This document summarizes the changes made in XACML since XACML 1.0 that
> appear in the XACML 2.0 specification.
>
> View Document Details:
> http://www.oasis-open.org/apps/org/workgroup/xacml/document.php?document_id=12821
>
> Download Document:
> http://www.oasis-open.org/apps/org/workgroup/xacml/download.php/12821/xacml_1.x_2.0_diffs_draft.doc
>
>
> PLEASE NOTE: If the above links do not work for you, your email application
> may be breaking the link into two pieces. You may be able to copy and paste
> the entire link address into the address field of your web browser.
>
> -OASIS Open Administration

--
Anne H. Anderson               Email: Anne.Anderson@Sun.COM
Sun Microsystems Laboratories
1 Network Drive,UBUR02-311     Tel: 781/442-0928
Burlington, MA 01803-0902 USA  Fax: 781/442-1692