[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [xacml] Groups - xacml-3.0-administration-v1.0-wd30-diff.doc uploaded
Hi Erik & Hal, On 30/10/2014 12:59 AM, Erik Rissanen wrote:
Hi Hal, Thanks. I understand the intent and it's correct as I can see. Section 4.10 could perhaps be formulated in a more clear manner by structuring it based on the three indeterminate cases:
I agree, especially in regard to describing the extended indeterminate value for policy P, which the new draft doesn't do.
Indet{DP}: first follow PP or PI edges. Then search again and follow DP or DI edges.
If both searches are successful, then policy P is treated as "Indeterminate{DP}"; otherwise, if only the first search is successful, then policy P is treated as "Indeterminate{P}"; otherwise, if only the second search is successful, then policy P is treated as "Indeterminate{D}"; otherwise, policy P is treated as "NotApplicable". Note that the current text talks about discarding policy P when graph searches fail, but combining algorithm definitions have cases for policies that are "NotApplicable" rather than cases for policies that are discarded, so I think it is more appropriate in this profile to use 'treated as "NotApplicable"' instead of 'discarded'.
Indet{P}: search once and follow PP or PI edges
And if the search is successful, then policy P is treated as "Indeterminate{P}"; otherwise, policy P is treated as "NotApplicable".
Indet{D}: search once and follow DP or DI edges.
And if the search is successful, then policy P is treated as "Indeterminate{D}"; otherwise, policy P is treated as "NotApplicable". In section 4.8, this statement: "If it possible to reach a trusted policy in this manner, the policy P is treated as “Indeterminate” in combination of the policy set." should read: "If it is possible to reach a trusted policy in this manner, the policy P is treated as “Indeterminate{P}” in combination of the policy set." Note also the missing "is". In section 4.9, this statement: "If it possible to reach a trusted policy in this manner, the policy P is treated as “Indeterminate” in combination of the policy set." should read: "If it is possible to reach a trusted policy in this manner, the policy P is treated as “Indeterminate{D}” in combination of the policy set." Regards, Steven
Best regards, Erik On 2014-10-28 20:10, Hal Lockhart wrote:The new text is based on Steven’s comments from June 2011: https://lists.oasis-open.org/archives/xacml-comment/201106/msg00004.html See Issue 98 in the wiki. Please check to see if I got it right. Hal *From:*Erik Rissanen [mailto:erik@axiomatics.com] *Sent:* Tuesday, October 28, 2014 10:38 AM *To:* xacml@lists.oasis-open.org *Subject:* Re: [xacml] Groups - xacml-3.0-administration-v1.0-wd30-diff.doc uploaded Hi Hal, I did a quick review and most of the changes are fine I think. The one to be careful about I guess is the extended indeterminate in the reduction algorithm. Was there previous discussion about that on the list, which could be reviewed to understand the thinking behind the solution? Best regards, Erik On 2014-10-17 17:41, Hal Lockhart wrote: /Submitter's message/ Diff file -- Hal Lockhart *Document Name*: xacml-3.0-administration-v1.0-wd30-diff.doc <https://www.oasis-open.org/apps/org/workgroup/xacml/document.php?document_id=54337> -----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-------
*Description* Differences between WD 29 and WD 30 Download Latest Revision <https://www.oasis-open.org/apps/org/workgroup/xacml/download.php/54337/latest/xacml-3.0-administration-v1.0-wd30-diff.doc> Public Download Link <https://www.oasis-open.org/committees/document.php?document_id=54337&wg_abbrev=xacml> -----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-------
*Submitter*: Hal Lockhart *Group*: OASIS eXtensible Access Control Markup Language (XACML) TC *Folder*: Specifications and Working Drafts *Date submitted*: 2014-10-17 08:41:02
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]