[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [xacml] RE: RuleID
This issue has been neglected because none of the standard combining algorithms use the parameters. BTW, is anyone aware of any other combining algorithms in use? (not including on-permit-apply-second) Hal > -----Original Message----- > From: Steven Legg [mailto:steven.legg@viewds.com] > Sent: Thursday, October 17, 2013 6:45 PM > To: Danny Thorpe; Sinnema, Remon > Cc: xacml@lists.oasis-open.org > Subject: Re: [xacml] RE: RuleID > > > Ray & Danny, > > I can't find any explicit statement about the uniqueness of RuleID, but > there is a pragmatic requirement in that the <RuleCombinerParameters> > element references a rule. RuleIDs have to at least be unique within a > policy so that the rule references in <RuleCombinerParameters> elements > are unambiguous. Of course there are no standardized rule combining > algorithms that use parameters, so this is a weak requirement. > > Or it might be no requirement at all. I notice that > <PolicyCombinerParameters> and <PolicySetCombinerParameters> reference > a PolicyId or a PolicySetId without a version. Since the consensus > seems to be that only the combination of Id and version should be > unique, it is possible that <PolicyCombinerParameters> and > <PolicySetCombinerParameters> can have ambiguous references. It would > only happen if different versions of the same policy (set) were > children of the same parent policy set, which is odd, but I don't see > anything that rules it out. The wording of the core spec suggests that > ambiguous references are unintended. > > Steven > > On 16/10/2013 4:12 AM, Danny Thorpe wrote: > > RuleId only has to be unique within its containing policy. Reason: > Rules can't be referenced outside of their policy. > > > > -Danny > > > > *Danny Thorpe * > > > > Authorization Architect > > > > *Dell*| Identity & Access Management, Quest Software > > > > Quest Software is now part of Dell. > > > > *From:*xacml@lists.oasis-open.org [mailto:xacml@lists.oasis-open.org] > > *On Behalf Of *Sinnema, Remon > > *Sent:* Monday, October 14, 2013 11:09 PM > > *To:* xacml@lists.oasis-open.org > > *Subject:* [xacml] RuleID > > > > All, > > > > Is RuleID supposed to be globally unique, or only unique within a > policy? I couldn't find a statement about that in the core spec. > > > > Thanks, > > > > Ray > > > > > --------------------------------------------------------------------- > To unsubscribe from this mail list, you must leave the OASIS TC that > generates this mail. Follow this link to all your TCs in OASIS at: > https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php >
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]