xacml message

Subject: RE: [xacml] Groups - xacml-3.0-administration-v1.0-wd30-diff.doc uploaded

From: Hal Lockhart <hal.lockhart@oracle.com>
To: Steven Legg <steven.legg@viewds.com>, Erik Rissanen <erik@axiomatics.com>, xacml@lists.oasis-open.org
Date: Thu, 30 Oct 2014 11:43:35 -0700 (PDT)

OK. Can one of you guys propose specific text for Section 4.10?

Hal

> -----Original Message-----
> From: Steven Legg [mailto:steven.legg@viewds.com]
> Sent: Thursday, October 30, 2014 2:24 AM
> To: Erik Rissanen; Hal Lockhart; xacml@lists.oasis-open.org
> Subject: Re: [xacml] Groups - xacml-3.0-administration-v1.0-wd30-
> diff.doc uploaded
> 
> 
> Hi Erik & Hal,
> 
> On 30/10/2014 12:59 AM, Erik Rissanen wrote:
> > Hi Hal,
> >
> > Thanks. I understand the intent and it's correct as I can see.
> Section 4.10 could perhaps be formulated in a more clear manner by
> structuring it based on the three indeterminate cases:
> 
> I agree, especially in regard to describing the extended indeterminate
> value for policy P, which the new draft doesn't do.
> 
> > Indet{DP}: first follow PP or PI edges. Then search again and follow
> DP or DI edges.
> 
> If both searches are successful, then policy P is treated as
> "Indeterminate{DP}"; otherwise, if only the first search is successful,
> then policy P is treated as "Indeterminate{P}"; otherwise, if only the
> second search is successful, then policy P is treated as
> "Indeterminate{D}"; otherwise, policy P is treated as "NotApplicable".
> 
> Note that the current text talks about discarding policy P when graph
> searches fail, but combining algorithm definitions have cases for
> policies that are "NotApplicable"
> rather than cases for policies that are discarded, so I think it is
> more appropriate in this profile to use 'treated as "NotApplicable"'
> instead of 'discarded'.
> 
> > Indet{P}: search once and follow PP or PI edges
> 
> And if the search is successful, then policy P is treated as
> "Indeterminate{P}"; otherwise, policy P is treated as "NotApplicable".
> 
> > Indet{D}: search once and follow DP or DI edges.
> 
> And if the search is successful, then policy P is treated as
> "Indeterminate{D}"; otherwise, policy P is treated as "NotApplicable".
> 
> In section 4.8, this statement:
> 
>     "If it possible to reach a trusted policy in this manner,
>      the policy P is treated as "Indeterminate" in combination of the
> policy set."
> 
> should read:
> 
>     "If it is possible to reach a trusted policy in this manner,
>      the policy P is treated as "Indeterminate{P}" in combination of
> the policy set."
> 
> Note also the missing "is".
> 
> In section 4.9, this statement:
> 
>      "If it possible to reach a trusted policy in this manner,
>       the policy P is treated as "Indeterminate" in combination of the
> policy set."
> 
> should read:
> 
>      "If it is possible to reach a trusted policy in this manner,
>       the policy P is treated as "Indeterminate{D}" in combination of
> the policy set."
> 
> Regards,
> Steven
> 
> > Best regards,
> > Erik
> >
> > On 2014-10-28 20:10, Hal Lockhart wrote:
> >>
> >> The new text is based on Steven's comments from June 2011:
> >>
> >> https://lists.oasis-open.org/archives/xacml-
> comment/201106/msg00004.h
> >> tml
> >>
> >> See Issue 98 in the wiki.
> >>
> >> Please check to see if I got it right.
> >>
> >> Hal
> >>
> >> *From:*Erik Rissanen [mailto:erik@axiomatics.com]
> >> *Sent:* Tuesday, October 28, 2014 10:38 AM
> >> *To:* xacml@lists.oasis-open.org
> >> *Subject:* Re: [xacml] Groups -
> >> xacml-3.0-administration-v1.0-wd30-diff.doc uploaded
> >>
> >> Hi Hal,
> >>
> >> I did a quick review and most of the changes are fine I think. The
> one to be careful about I guess is the extended indeterminate in the
> reduction algorithm. Was there previous discussion about that on the
> list, which could be reviewed to understand the thinking behind the
> solution?
> >>
> >> Best regards,
> >> Erik
> >>
> >> On 2014-10-17 17:41, Hal Lockhart wrote:
> >>
> >>     /Submitter's message/
> >>     Diff file
> >>     -- Hal Lockhart
> >>
> >>     *Document Name*: xacml-3.0-administration-v1.0-wd30-diff.doc
> >> <https://www.oasis-
> open.org/apps/org/workgroup/xacml/document.php?doc
> >> ument_id=54337>
> >>
> >>     ----------------------------------------------------------------
> -----------------------------------------------------------------------
> -----------------------------------------------------------------------
> -----------------------------------------------------------------------
> -----------------------------------------------------------------------
> -----------------------------------------------------------------------
> -----------------------------------------------------------------------
> -----------------------------------------------------------------------
> -----------------------------------------------------------------------
> -----------------------------------------------------------------------
> -----------------------------------------------------------------------
> -----------------------------------------------------------------------
> -----------------------------------------------------------------------
> ------------------------------------------------------------------!
>  --------
> 
> >>
> >>     *Description*
> >>     Differences between WD 29 and WD 30
> >>     Download Latest Revision <https://www.oasis-
> open.org/apps/org/workgroup/xacml/download.php/54337/latest/xacml-3.0-
> administration-v1.0-wd30-diff.doc>
> >>     Public Download Link
> >> <https://www.oasis-
> open.org/committees/document.php?document_id=54337
> >> &wg_abbrev=xacml>
> >>
> >>     ----------------------------------------------------------------
> -----------------------------------------------------------------------
> -----------------------------------------------------------------------
> -----------------------------------------------------------------------
> -----------------------------------------------------------------------
> -----------------------------------------------------------------------
> -----------------------------------------------------------------------
> -----------------------------------------------------------------------
> -----------------------------------------------------------------------
> -----------------------------------------------------------------------
> -----------------------------------------------------------------------
> -----------------------------------------------------------------------
> -----------------------------------------------------------------------
> ------------------------------------------------------------------!
>  --------
> 
> >>
> >>     *Submitter*: Hal Lockhart
> >>     *Group*: OASIS eXtensible Access Control Markup Language (XACML)
> TC
> >>     *Folder*: Specifications and Working Drafts
> >>     *Date submitted*: 2014-10-17 08:41:02
> >>
> >
>

Follow-Ups:
- Re: [xacml] Groups - xacml-3.0-administration-v1.0-wd30-diff.doc uploaded
  - From: Steven Legg <steven.legg@viewds.com>
- Re: [xacml] Groups - xacml-3.0-administration-v1.0-wd30-diff.doc uploaded
  - From: Steven Legg <steven.legg@viewds.com>

References:
- Groups - xacml-3.0-administration-v1.0-wd30-diff.doc uploaded
  - From: Hal Lockhart<hal.lockhart@oracle.com>
- Re: [xacml] Groups - xacml-3.0-administration-v1.0-wd30-diff.doc uploaded
  - From: Erik Rissanen <erik@axiomatics.com>
- RE: [xacml] Groups - xacml-3.0-administration-v1.0-wd30-diff.doc uploaded
  - From: Hal Lockhart <hal.lockhart@oracle.com>
- Re: [xacml] Groups - xacml-3.0-administration-v1.0-wd30-diff.doc uploaded
  - From: Erik Rissanen <erik@axiomatics.com>
- Re: [xacml] Groups - xacml-3.0-administration-v1.0-wd30-diff.doc uploaded
  - From: Steven Legg <steven.legg@viewds.com>