Subject: New delegation draft
All,

I have uploaded draft 10 of the delegation profile. The most important change is that I have added reduction of deny by making the effect part of the situation.

I have not made the target schema open since Daniel is going to do that.

I was also thinking about adding a new section for the upcoming SAML profile, but since there was no agreement on what it should contain during the last meeting, I am going to wait. It would be nice if we could agree on this soon: Should additional policies and attribute assertions be included in the request context or the SAML profile? During the F2F the agreement of the participants was to add them to the SAML profile (see the minutes of day 3, issue #5), but Frank recently suggested the request context and there was no agreement on this during the last meeting. As soon as this is decided, I will change the documents appropriately.

I did not make the choice between historic/current issuer attribute models part of the PolicySet schema since it is supposed to be a PDP global setting. It is mentioned in the normative section though.

A small note: in this new draft we support reduction of deny at the access level but not at the administrative level. At the administrative level we do not support issuing of policies that evaluate to deny. However, a trusted policy can still evaluate to deny at any level. I don't think that is a problem and might even be a desirable feature, but give it a thought. There is a small inconsistency in that we allow negative administrative policies by the trusted issuer but not by "normal" issuers.

Regards,
Erik