OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: RE: [security-services] Issues Status

At 10:19 AM 2/15/02 -0500, Hal Lockhart wrote:
>You sold me personally on this concept at the recent XACML meeting. 
>However, when thinking about this yesterday, something else occurred to 
>me. The minOccurs value is a sign post to readers who are trying to 
>understand the specification. They can for example, tell at a glance that 
>Advice is an optional feature they don't have to bother with if they don't 
>have any use for it. Similiarly, they can see at a glance that the use of 
>signatures is optional.
>If we allow Statement to have a minOccurs of zero, it will not be obvious 
>to most people that the Statement is the whole point of the assertion -- 
>that it contains the crucial information payload that the RP is looking 
>for. I suspect this is one of those things that if we do it, we will find 
>that we constantly have to explain it.

The metadata provided as part of the Assertion infrastructure is meant to 
apply to *something*, and the semantics of the metadata would be in doubt 
if there were no statements to apply them to.  In such cases it's a common 
design pattern to require at least one statement, and that's what I think 
we should continue to do.

Eve Maler                                    +1 781 442 3190
Sun Microsystems XML Technology Center   eve.maler @ sun.com

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC