Hi,
I just saw in the minutes of the previous meeting that wd 1 was
voted up, so I will defer from making any changes until the public
review has completed.
Best regards,
Erik
On 2014-08-08 08:44, Erik Rissanen
wrote:
Hi,
I agree with Rich. I will post a new working draft with the old
abstract.
Best regards,
Erik
On 2014-08-08 08:02, rich levinson
wrote:
Hi Bill,
I agree that the Abstract should be fixed, but I suggest using
the abstract from CS01,
which also includes the reason for the name of the profile:
http://docs.oasis-open.org/xacml/3.0/xacml-3.0-rbac-v1-spec-cs-01-en.pdf
"Abstract:
This specification defines a profile for the use of XACML in
expressing policies that use role based access control (RBAC).
It extends the XACML Profile for RBAC Version 1.0 to include a
recommended AttributeId for roles, but reduces the scope to
address only “core” and “hierarchical” RBAC. This
specification has also been updated to apply to XACML 3.0."
i.e. in order to change the name the abstract would have to be
changed
to provide notice that only part of RBAC is supported, namely
the core
and hierarchical parts.
So, I think it is less confusing for readers who are new to the
profile and
probably familiar w RBAC, to leave it as is, so they are
immediately
notified by the title that only the specified subset is
supported.
I think it is only people familiar w xacml specs that might be
confused
by the title, but they should quickly discover that there is a
good reason
for the title.
In addition, the notions of "core RBAC" and "hierarchical RBAC"
are
woven thru-out the text and if these terms were not in the
title,
abstract, then there would need to be some significant up-front
intro to these concepts, and explanation that they are the ONLY
part of RBAC that is supported. w/o such an intro, where they
are introduced in section 4 would seem to be popping up out
of the blue, imo.
This all happened long before my time on the TC, but I have
found that
almost all of the work done on the early versions of the specs
(and the
current versions as well for that matter) was well thought out
and that
there are solid reasons for a lot of things that may not be
obvious when
first encountered.
Therefore I am generally skeptical about proposed changes that
are
intended to "simplify" that which may have good reason to be
more
complicated than one might at first think.
Thanks,
Rich
On 8/7/2014 9:33 PM, Bill Parducci
wrote:
I just realized the Abstract in the latest Working Draft of the RBAC Profile has the template text in it. I personally consider fixing this to be non-material, but if there is concern that it is not then please let me know so that I can notify TC Admin. I suggest the default text be replaced with "Profile for the use of XACML to be used for Role Based Access Control."
If we do pull it back, then I would like to revisit the name. I think having "Core" in the title can be confusing.
thanks
b
---------------------------------------------------------------------
To unsubscribe from this mail list, you must leave the OASIS TC that
generates this mail. Follow this link to all your TCs in OASIS at:
https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php
--
Thanks, Rich
Rich Levinson | Internet Standards
Security Architect
Mobile: +1 978 5055017
Oracle Identity Management
45 Network Drive | Burlington, Massachusetts 01803
Oracle
is committed to developing practices and products that
help protect the environment
|