[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Questions on "Introducing attribute categories"
RE: http://lists.oasis-open.org/archives/xacml/200603/msg00002.html Two comments, plus one stated by Erik: 1. Section 2.2 says [Current specification ... defines] "Resource category Multiple resource groups may be specified in request" Is this referring to the "Multiple resources profile"? Otherwise the current specification allows for only one group of attributes for one resource. 2. Section 4.1 says [In this proposal, in the Request schema] "<Resource> and <ResourceContent> elements are preserved, so that path expressions used to identify parts of the resource content in XACML 2.0 need not be changed." I don't see why these are kept when <Subject>, <Action>, etc. are changed, and path expressions used to identify parts of XML element-valued Attributes in those other sections will have to change. While we are at it, is there a good reason why "ResourceContent" can't be an XML element-valued Attribute just as Subject, Action, and Environment Attribute values that are XML elements are? 3. This comment comes from Erik: For the delegate category, we need a way to distinguish a category not being present from a particular Attribute not being present. Lack of a delegate category is how an access policy is distinguished from an administrative policy. -- Anne H. Anderson Email: Anne.Anderson@Sun.COM Sun Microsystems Laboratories 1 Network Drive,UBUR02-311 Tel: 781/442-0928 Burlington, MA 01803-0902 USA Fax: 781/442-1692
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]