OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: RE: [xacml] RE: RuleID


This issue has been neglected because none of the standard combining algorithms use the parameters.

BTW, is anyone aware of any other combining algorithms in use? (not including on-permit-apply-second)

Hal

> -----Original Message-----
> From: Steven Legg [mailto:steven.legg@viewds.com]
> Sent: Thursday, October 17, 2013 6:45 PM
> To: Danny Thorpe; Sinnema, Remon
> Cc: xacml@lists.oasis-open.org
> Subject: Re: [xacml] RE: RuleID
> 
> 
> Ray & Danny,
> 
> I can't find any explicit statement about the uniqueness of RuleID, but
> there is a pragmatic requirement in that the <RuleCombinerParameters>
> element references a rule. RuleIDs have to at least be unique within a
> policy so that the rule references in <RuleCombinerParameters> elements
> are unambiguous. Of course there are no standardized rule combining
> algorithms that use parameters, so this is a weak requirement.
> 
> Or it might be no requirement at all. I notice that
> <PolicyCombinerParameters> and <PolicySetCombinerParameters> reference
> a PolicyId or a PolicySetId without a version. Since the consensus
> seems to be that only the combination of Id and version should be
> unique, it is possible that <PolicyCombinerParameters> and
> <PolicySetCombinerParameters> can have ambiguous references. It would
> only happen if different versions of the same policy (set) were
> children of the same parent policy set, which is odd, but I don't see
> anything that rules it out. The wording of the core spec suggests that
> ambiguous references are unintended.
> 
> Steven
> 
> On 16/10/2013 4:12 AM, Danny Thorpe wrote:
> > RuleId only has to be unique within its containing policy.  Reason:
> Rules can't be referenced outside of their policy.
> >
> > -Danny
> >
> > *Danny Thorpe *
> >
> > Authorization Architect
> >
> > *Dell*| Identity & Access Management, Quest Software
> >
> > Quest Software is now part of Dell.
> >
> > *From:*xacml@lists.oasis-open.org [mailto:xacml@lists.oasis-open.org]
> > *On Behalf Of *Sinnema, Remon
> > *Sent:* Monday, October 14, 2013 11:09 PM
> > *To:* xacml@lists.oasis-open.org
> > *Subject:* [xacml] RuleID
> >
> > All,
> >
> > Is RuleID supposed to be globally unique, or only unique within a
> policy? I couldn't find a statement about that in the core spec.
> >
> > Thanks,
> >
> > Ray
> >
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe from this mail list, you must leave the OASIS TC that
> generates this mail.  Follow this link to all your TCs in OASIS at:
> https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php
> 


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]