[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: FW: [xacml] Groups - Export Control - U.S. (EC-US)
Replies inline... >Section 2.2, about subject nationality: It uses "RECOMMENDED" for the use of ISO country codes. Maybe this should be MUST to make it more interoperable? JT: We had thought that it might be better to leave it up to implementers to decide if they should use 2- or 3-letter country codes. >Also, it's unclear to me whether the "nationality" attribute lists only those nations where the subject is currently a citizen, or all nationalities the subject has possessed. It doesn't say the latter, but I am asking because there is also a "current-nationality". What's the difference? Is the difference that current nationality is single valued while "nationality" may be multi valued. But then, why would the most recently assigned nationality be special? JT: Current nationality is used for EAR; all nationalities are considered for ITAR. We would expect that all nationalities would be returned in a bag of attribute values for ITAR decisions. >Section 2.2.3, the location attribute: Do you need a value for if the subject is located outside any country, like on international waters? BTW, the same about citizenship. there are people who have no citizenship. JT: It is my understanding that you couldn't legally ship to "international waters" or to a person without citizenship status. Cases where null values in those attributes occur should yield a "Deny" decision. >BTW, the location attribute may be difficult to authenticate securely since it very easy to proxy a network connection through a middle man located wherever in the world. JT: Agreed. We're hoping that mechanisms that provide better assurance will be developed. >2.2.5: what is the definition of a "US person". Maybe you can refer to some EC law which defines it? JT: See http://www.access.gpo.gov/bis/ear/pdf/744.pdf >General: Would it be good if there were some general text which explains why these attributes are sufficient and/or useful for the purposes of export control? JT: See http://www.bis.doc.gov/licensing/exportingbasics.htm. This is a really good resource. Thanks -----Original Message----- From: Erik Rissanen [mailto:erik@axiomatics.com] Sent: Monday, May 18, 2009 8:02 AM To: Tolbert, John W Cc: xacml@lists.oasis-open.org Subject: Re: [xacml] Groups - Export Control - U.S. (EC-US) (xacml-3.0-ec-us-v1-spec-wd-01-en.doc)uploaded Hello John, This looks good to me. A couple of notes: Section 2.2, about subject nationality: It uses "RECOMMENDED" for the use of ISO country codes. Maybe this should be MUST to make it more interoperable? Also, it's unclear to me whether the "nationality" attribute lists only those nations where the subject is currently a citizen, or all nationalities the subject has possessed. It doesn't say the latter, but I am asking because there is also a "current-nationality". What's the difference? Is the difference that current nationality is single valued while "nationality" may be multi valued. But then, why would the most recently assigned nationality be special? The doc is probably as you intended, but for me reading, it's a bit confusing why it would be like this. But I don't know much about the US EC regulations... :-) Section 2.2.3, the location attribute: Do you need a value for if the subject is located outside any country, like on international waters? BTW, the same about citizenship. there are people who have no citizenship. BTW, the location attribute may be difficult to authenticate securely since it very easy to proxy a network connection through a middle man located wherever in the world. 2.2.5: what is the definition of a "US person". Maybe you can refer to some EC law which defines it? General: Would it be good if there were some general text which explains why these attributes are sufficient and/or useful for the purposes of export control? Best regards, Erik john.w.tolbert@boeing.com wrote: > Working draft for XACML EC-US profile (export control - US). > > -- Mr. John Tolbert > > The document named Export Control - U.S. (EC-US) > (xacml-3.0-ec-us-v1-spec-wd-01-en.doc) has been submitted by Mr. John > Tolbert to the OASIS eXtensible Access Control Markup Language (XACML) > TC document repository. > > Document Description: > Profile listing attributes for using XACML to make export control (US) > authorization decisions. > > View Document Details: > http://www.oasis-open.org/committees/document.php?document_id=32131 > > Download Document: > http://www.oasis-open.org/committees/download.php/32131/xacml-3.0-ec-u > s-v1-spec-wd-01-en.doc > > > PLEASE NOTE: If the above links do not work for you, your email > application may be breaking the link into two pieces. You may be able > to copy and paste the entire link address into the address field of your web browser. > > -OASIS Open Administration
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]