OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-use message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: Re: Comments on draft-sstc-hodges-glossary-01

Hi, thanks for the feedback.

"Edwards, Nigel" wrote:
> 1. "Access control request" is equated with access request. 
>    This seemed
>    a little strange to me. To me the intuitive version would be that
>    "Access control request" is a request to control access that may be
>    made by an administrator on a policy decision point to change its
>    behaviour. I suggest deleting "Access control request" (on the
>    gounds "less is more").

Sounds fine. I can't easily determine from the refs why it got it there, so
I'll remove it and we'll see if it surfaces down the road.

> 2. I was expecting to see definitions of PDP and PEP. 

An artifact due to time & bandwidth constraints last week. They're in the -02
version which is spread across the proverbial workbench and will be buttoned up
& sent out before friday this week. 

> 3. "Subject" seems to be adequately covered by the definition of
>    "security subject". I don't think further qualification is
>    necessary.

I'm not sure I agree without thinking about it a bit more. There's a fine
distinction being made about what role (active or passive) a subject has donned
and we might want to simply make that distinction in the terminology. thoughts?



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC