OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [xacml] DLP/NAC Profile WD 6

Hi,

Thanks for the help Hal.  I don't see a problem in sections 2.1.2-5.

Issue 1:  I suggest just removing 1.7 Disclaimer, unless there is a reason for it.  For EC-US and IPC, we wanted to make sure readers understood we weren't providing legal guidance for interpreting US export regulations or intellectual property law.  For DLP and NAC, I don't think we need to say anything.

Issue 2:  Changing the datatype to urn:oasis:names:tc:xacml:3.0:data-type:dnsName-value for the subject-id- and recipient-id-qualifiers makes the most sense.  

Thoughts?


-----Original Message-----
From: xacml@lists.oasis-open.org [mailto:xacml@lists.oasis-open.org] On Behalf Of Hal Lockhart
Sent: Tuesday, June 10, 2014 3:31 PM
To: XACML TC
Subject: [xacml] DLP/NAC Profile WD 6

I have uploaded wd 6 of the DLP/NAC Profile.

Richard fixed some typos and added more examples.

I altered the IP stuff as previously discussed, including examples of valid and invalid syntax.
Please look at sections 2.1.2-2.1.5 closely to see if I screwed up.

I ran into a formatting problem which Paul Knight solved for me (thank you Paul) by inserting the document into the latest template, which happens to be a .doc. It looks ok to me, but please look for weird format errors.

Unfortunately we are not quite done.

1. Section 1.7 Disclaimer contains no text. If have no disclaimers it is time to delete the header.

2. I changed ipAddress to ipAddress-value and ipAddress-pattern in various places outside of section 2, but the policy examples appear to have errors. It looks to me like we are doing a Match using a string function to test an ipAddress-value against "acme.com". This occurs at lines 592, 766, 923, 1059 and 1188. Elsewhere conversion to string is done, but not at these spots. I am not sure what is correct. Is the datatype wrong or the "acme.com"? Shouldn't we beusing the new ip Address or DNS Name functions if that is what we are checking?

We are close to finishing this, pleasegive it a close look.

Hal

---------------------------------------------------------------------
To unsubscribe from this mail list, you must leave the OASIS TC that generates this mail.  Follow this link to all your TCs in OASIS at:
https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]