OASIS Mailing List Archives

security-core message



Subject: Re: Final text of ballot


My votes, along with some comments. --  Marlena

{AP-1} Generalized or specialized solution

Answer:
1. We should develop a generalized solution as an interim step to
satisfying the specific requirements identified by the Use Cases
sub-committee.


{AP-2} Questions the PEP can ask the PDP

Answer:
1.      "Yes/No/Can't decide".

COMMENT/Question:  I'm fine with #3 in the context of an authorization
decision.  I thought this is what was meant, but now I see that the
wording of #3 doesn't mention an authZ decision.
   I'd like to vote as follows:
   Yes, for the PEP soliciting additional information as part of its
authorization decision request.
   No, for the PEP soliciting attributes (and just attributes) from a
PDP.  (Reason: This is not what I understand the PEP-PDP authZ interaction
to be about.  Doing an attribute query is a different matter than
requesting an authorization decision (IMHO).  I'd hate to have both
a 'real' attribute query and also one that is wearing the hide of
an authZ decision query.)



{AP-3}  Question: should we define a PDP-PDP protocol?
Answer:

2.      No.


{AP-4}  The number of assertions in a message
Question: How many assertions may appear in a single message?
Answer:

3.      An unlimited number.

COMMENT:  My feeling is that related assertions
might well be bundled together in a single message.  Having
"depends on" fields (or the like) that contain assertion references
doesn't strike me as sufficient.   That said, I don't feel very sure
about this, and would welcome more discussion.


{AP-5} Combining components
Answer:
1.      The model should explicitly identify that components of the model
may be combined.


{AP-6} Assertion validation component
Answer:
1.      The model should identify "assertion validation" as a separate
component.



