OASIS Mailing List Archives

ws-sx message


Subject: Comments on abstract/Introduction of Security Policy Examples document


Hi,

As I began reviewing the Security Policy Examples doc, I noted some inconsistency regarding the stated purpose of the document. The Abstract states:

"The purpose of this document is to provide guidelines for service providers on how to set up policies for various circumstances. It is also to provide guidance to service consumers as to what kind of token policies they are likely to encounter and how to interpret the policy requirements."

whereas the Introduction says:

"The purpose of this document is to get agreement on a set of typical examples that that would be useful to users.  If and when we reach agreement, and if the WG so agrees, we can reference example messages either in an appendix to this document or by referencing other documents such as published interop documents."

The Introductory text quoted seems odd, as it is addressed to the members of the TC rather than the target audience of the Examples doc.

IMO, the text in the Abstract overstates the case.  "Guidelines for service providers" suggests that the purpose of the document is to give advice to service providers as to what policies they want to select to meet their particular business needs.  Similar concerns apply to the phrase "...provide guidance to service consumers as to what kind of token policies they are likely to encounter."

I thought the purpose of the Examples doc was to serve as a primer to be read in conjunction with the spec as an aid to understanding, not to suggest to service providers what their specific security requirements might be.

