OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: [security-services] "AuthorizationQuery" and "AuthorizationStatement"are misleading names

Early in the process of this committee we decided, after much contention
and explanation and careful thought about concepts and terminology, that
one of our three assertions (now statements, of course) is an
"Authorization Decision Assertion", where that name precisely captures the
intent of the structure.  In particular we observed as part of that
discussion that the single word "authorization"  by itself can mean so
many different things that it has to be qualified to be useful.  The text
of core-20, in section 1, uses the term "Authorization Decision
Assertion", and section 1.5 has this phrase as its title.

However, the actual name of the element, as specified in section 1.5 and
elsewhere, is "AuthorizationStatement".  And, the name of the
corresponding query element, as specified in section 2.5, is
"AuthorizationQuery".  It seems to me that these names are misleading and
should be changed.  This is especially true since a likely user of our
statement structures is the XACML work, which (though I haven't followed
it) is supposedly about managing and expressing authorization information.

So, I strongly suggest that these elements be renamed
"AuthorizationDecisionStatement" and "AuthorizationDecisionQuery" and that
the corresponding types be similarly renamed.

 - RL "Bob"

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC