I concur, David; unless the Consent Directive is being sent to another ACS, this is not needed. I have also reviewed the NHIN Connect 2.1 Policy Engine Design document and I do not see anything that would suggest a current or future requirement.
Regards,
Duane DeCouteau
_______________________________
From: "Staggs, David (SAIC)" <David.Staggs@va.gov>
To: xspa@lists.oasis-open.org
Sent: Wednesday, June 24, 2009 2:36:49 PM
Subject: [xspa] Q 6& 7 on spreadsheet listing NHIN comments on XSPA
Colleagues
Comment 6 & 7 “Add an attribute “Rule Start Date” and “Rule End Date” to the XSPA XACML profile.”
The suggestion made in the comment would be a significant extension to the authorization model. Currently neither the SAML nor the XACML XSPA profile communicate policies or policy information. The profile focuses on the authorizations of the requestor; the policies (organization security policies and consent directives) are provided at each ACS.
I can understand the need to specify the attribute “Rule Start Date” and “Rule End Date” if one is sending policies to a remote ACS policy store, but I do not see how it fits into the XSPA attribute information profile. The information can be specified outside the profile, of course.
With this explanation, does anyone still see how the addition of the attributes “Rule Start Date” and “Rule End Date” is consistent with the authorization profile?
Regards,
David
David Staggs, JD, CISSP (SAIC)
Veterans Health Administration
Chief Health Informatics Office
Emerging Health Technologies
Office: 858 433 1473