OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Re: [xacml] RBAC


Hi,

I just saw in the minutes of the previous meeting that wd 1 was voted up, so I will defer from making any changes until the public review has completed.

Best regards,
Erik


On 2014-08-08 08:44, Erik Rissanen wrote:
Hi,

I agree with Rich. I will post a new working draft with the old abstract.

Best regards,
Erik

On 2014-08-08 08:02, rich levinson wrote:
Hi Bill,

I agree that the Abstract should be fixed, but I suggest using the abstract from CS01,
which also includes the reason for the name of the profile:
http://docs.oasis-open.org/xacml/3.0/xacml-3.0-rbac-v1-spec-cs-01-en.pdf
"Abstract:
This specification defines a profile for the use of XACML in expressing policies that use role based access control (RBAC). It extends the XACML Profile for RBAC Version 1.0 to include a recommended AttributeId for roles, but reduces the scope to address only “core” and “hierarchical” RBAC. This specification has also been updated to apply to XACML 3.0."
i.e. in order to change the name the abstract would have to be changed
to provide notice that only part of RBAC is supported, namely the core
and hierarchical parts.

So, I think it is less confusing for readers who are new to the profile and
probably familiar w RBAC, to leave it as is, so they are immediately
notified by the title that only the specified subset is supported.

I think it is only people familiar w xacml specs that might be confused
by the title, but they should quickly discover that there is a good reason
for the title.

In addition, the notions of "core RBAC" and "hierarchical RBAC" are
woven thru-out the text and if these terms were not in the title,
abstract, then there would need to be some significant up-front
intro to these concepts, and explanation that they are the ONLY
part of RBAC that is supported. w/o such an intro, where they
are introduced in section 4 would seem to be popping up out
of the blue, imo.

This all happened long before my time on the TC, but I have found that
almost all of the work done on the early versions of the specs (and the
current versions as well for that matter) was well thought out and that
there are solid reasons for a lot of things that may not be obvious when
first encountered.

Therefore I am generally skeptical about proposed changes that are
intended to "simplify" that which may have good reason to be more
complicated than one might at first think.

    Thanks,
    Rich


On 8/7/2014 9:33 PM, Bill Parducci wrote:
I just realized the Abstract in the latest Working Draft of the RBAC Profile has the template text in it. I personally consider fixing this to be non-material, but if there is concern that it is not then please let me know so that I can notify TC Admin. I suggest the default text be replaced with "Profile for the use of XACML to be used for Role Based Access Control."

If we do pull it back, then I would like to revisit the name. I think having "Core" in the title can be confusing.

thanks

b



---------------------------------------------------------------------
To unsubscribe from this mail list, you must leave the OASIS TC that 
generates this mail.  Follow this link to all your TCs in OASIS at:
https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php 


--
Thanks, Rich

Oracle
Rich Levinson | Internet Standards Security Architect
Mobile: +1 978 5055017
Oracle Identity Management
45 Network Drive | Burlington, Massachusetts 01803

Green Oracle Oracle is committed to developing practices and products that help protect the environment





[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]