OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Changelog for CS ballot

All,

Here is the change log since the first public review:

All,

Here are all the changes we have made in the specs since the previous public review:


Cross references across the specs have been updated in all specs as well the copyright date.


xacml-3.0-core-spec and the core schema:

• Fix typos in examples.

• Fix typos in schema fragments.

• Clarified glossary definition of “obligation” it also mentions that obligations can occur in rules.

• Clarified glossary definitions of “policy”, “rule” and “policy set” so they mention that they can contain advice (and obligations for rules).

• Updated reference to XML spec to fifth edition.

• Clarified introductory section (2.3) to combining algorithms.

• Improved consistency in text regarding obligation/advice vs obligation/advice expressions.

• Improved consistency in text about that advice/obligations can occur in rules.

• Correct errors in the example policies and requests.

• Misc improvements in wording and correction of typos in various places (no substantive changes).

• Corrected definition of elements <Rule>, <Policy> and <PolicySet> so they correctly reference obligation and advice expressions.

• Made a reference to PEP bias from definition of <PolicySet>, instead of incorrectly mandating a “Deny” in the PEP in case of obligation failure.

• Allow <AttributeAssignmentExpression> to evaluate to a bag.

• Removed redundant occurrence indicators from the RequestType schema definition.

• Removed note about XPath 2.0 expert review.

• Clarified error behavior of advice/obligations.

• Added AdviceId as part of the extensibility list in section 8.1.

• Renamed functions uri-starts-with to anyURI-starts-with, uri-ends-with to anyURI-ends-with, uri-contains to anyURI-contains and uri-substring to anyURI-substring

• Fixed typos which referenced non-existing data types urn:…:xacml:…*duration.

• Reversed the arguments of the string-starts-with, string-ends-with, string-contains, anyURI-starts-with, anyURI-ends-with and anyURI-contains functions.

• Clarified error behavior of the string-substring and anyURI-substring functions.

• Generalized the xpath-node-match function so it can select any XML node type.

• Removed the obsolete attribute id urn:oasis:names:tc:xacml:1.0:resource:xpath

• Make it clear that an attribute selector may select an element node.

• Fixed formatting of OASIS spec references so they correspond to the OASIS template.

• Added an optional “offset” to <AttributeSelector> in the form of the ContextSelectorId XML attribute.

• Improved and moved text about the <AttributeSelector>.

• Simplified the schema of <PolicyIdentifierList>

• Removed text which says that the XACML conformance tests are hosted on the Sun website.

• Added references to sections 5, 6, 7, A, B and C in conformance section.

• Made the evaluation context of xpaths better specified.

• Make text about multiple arguments in the multiply functions more consistent.

• Generalized the any-of, all-of, any-of-any and map functions to functions with more arguments.

• Removed an unnecessary reference to SAML in section B.4. (Authentication credentials can come from other sources as well in general, so the reference to SAML was too restrictive.)

• Updated Acknowledgements.

• Restrict <Content> to a single child element.

• Replace the EntireHierarchy multiple decision combining mechanism with a more restricted scheme controlled by the CombinedDecision XML attribute in the <Request> element.

• Fixed errors in the reference section.

• Updated cross references to the profiles.

• Removed reference to “leaf” nodes in section 7.3.2 since this was unnecessary restriction.

• Removed statement in section B.4 which said that the subject-id is a string by default.



xacml-3.0-administration-v1-spec:

• Updated Acknowledgements.

• Fixed formatting of OASIS spec references so they correspond to the OASIS template.

• Fix typos.

• Fix errors in examples.


xacml-3.0-dsig-v1-spec:

• Updated Acknowledgements.

• Fixed formatting of OASIS spec references so they correspond to the OASIS template.

• Fixed a broken bookmark in a reference.


xacml-3.0-hierarchical-v1-spec:

• Updated Acknowledgements.

• Fixed formatting of OASIS spec references so they correspond to the OASIS template.

• Fixed typos.

• Fix 2.0 -> 3.0 typos in some identifiers.

• Improved formatting conventions.

• Updated reference to RFC 3986 (was RFC 2396).

• Clarified meaning of the profile identifiers (they are only metadata about the functionality).

• Improved the URI scheme with XML node pointers.

• Use content-selector instead of resource-id for the XML/XPath scheme.

• Don’t specify the “ancestor attributes” in the XML/XPath scheme.



xacml-3.0-multiple-v1-spec:

• Updated Acknowledgements.

• Fixed formatting of OASIS spec references so they correspond to the OASIS template.

• Changed name to “Multiple Decision Profile”

• Improved abstract.

• Updated all text to talk about “multiple decisions” instead of “multiple resources”

• The XML/XPath scheme uses now the content-selector and multiple:content-selector attributes instead of resource-id. This also generalizes the XML scheme to other categories than the resource.

• Clarified meaning of the profile identifiers (they are only metadata about the functionality).

• Separate the “ancestor scheme” and the XML scheme from each other, that is, don’t use the ancestor attributes for the XML scheme.

• Reworded some text to make it clearer.

• Drop the “EntireHierarchy” scope in favor of the new CombinedDecision XML attribute of the <Request> element.

• Added a new section which specifies the overall order of processing of the various schemes.

• Drop the XPathExpression scope in favor of the new multiple:content-selector attribute.

• Rename some of the schemes and the associated metadata identifiers.



xacml-3.0-privacy-v1-spec:

• Updated Acknowledgements.

• Fixed formatting of OASIS spec references so they correspond to the OASIS template.

• Fixed formatting issues.

• Fixed errors in the XML fragment.



xacml-3.0-rbac-v1-spec:

• Updated Acknowledgements.

• Fixed formatting of OASIS spec references so they correspond to the OASIS template.

• Clarified that a permission policy set may contain policy sets.

• Fixed formatting issues.

• Fixed errors in examples.


xacml-profile-saml2.0-v2-spec:

• Updated Acknowledgements.

• Fixed formatting of OASIS spec references so they correspond to the OASIS template.

• Added an extension point to the AuthZ query schema.

• Fix formatting issues.

• Removed a reference to a non-existing section.



In addition to the above, in all schema files:

• Fixed schema import cross reference URLs

• Fixed OASIS copyright


Best regards,
Erik


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]