
Subject: [xacml-comment] Re: Problems understanding XACML spec


Thank you for submitting your comments.

The public review of XACML 1.0 is being held with respect to
XACML 1.0, and not with respect to the 18d draft.  The
specification changed a great deal between 18d and the 1.0
version.  We fixed a number of inconsistencies, and improved the
wording of a number of sections.

We will try to consider your comments to the extent we believe
they still apply to XACML 1.0.  Please submit any future comments
against this version.

There is a link to XACML 1.0 and the schemas on the XACML TC Web
Page at http://www.oasis-open.org/committees/xacml/

Anne Anderson, comments editor
On behalf of the XACML TC

On 20 November, Graham Klyne writes: Problems understanding XACML spec
 > From: Graham Klyne <GK@NineByNine.org>
 > To: anne.anderson@Sun.COM
 > Subject: Problems understanding XACML spec
 > Date: Wed, 20 Nov 2002 13:40:25 +0000
 > [This comment was sent to the XACML comments list, and bounced.  I'm 
 > sending it to you at Steve Hanna's suggestion.  #g]
 > I'm having a really hard time understanding what you're trying to say in 
 > the XACML spec:
 > http://www.oasis-open.org/committees/xacml/repository/draft-xacml-schema-policy-18d.doc
 > The description of a rule seems to be inadequately motivated.
 > The description in section 2 (background) says "The <Rule> element contains 
 > a boolean expression that can be evaluated in isolation..." which doesn't 
 > do anything to prepare me for the description I find in section 3.3.1.  I'm 
 > finding it particularly hard to see
 > (a) what this Boolean expression is evaluated over  (it seems to have 
 > something to do with the rule target), and
 > (b) how the Boolean result relates to the evaluation of the rule.  I can 
 > see that a Boolean true results in Permit or Deny depending on the value of 
 > the rule's effect field, but what happens if the Boolean value is false?
 > As far as I can tell, understanding this is crucial to understanding all 
 > the other stuff about combining rules and policies.  Under what 
 > circumstances is a rule found to be "NotApplicable"?
 > I also find the reference to the fact that a rule may "inherit" target 
 > information from a policy is particularly obscure.
 > It seems to me that the idea of a rule is fundamental to understanding this 
 > specification, but that vital idea is not adequately explained.
 > It may be that the information is present somewhere in this document, but 
 > it is a big and complicated document and I can't tell what's important.  I 
 > think more attention needs to be paid to the order in which concepts are 
 > introduced.  I would expect section 2 to deal with this, but it seems some 
 > important ideas are not being adequately explained.
 > I also think there's an over-dependence in the text on abbreviations that 
 > are introduced in the glossary.  There are many special terms, and ordinary 
 > words used with special meaning, and it's not reasonable to assume that 
 > someone not familiar with them will absorb them on one pass through the glossary.
 > #g
 > -------------------
 > Graham Klyne
 > <GK@NineByNine.org>

Anne H. Anderson             Email: Anne.Anderson@Sun.COM
Sun Microsystems Laboratories
1 Network Drive,UBUR02-311     Tel: 781/442-0928
Burlington, MA 01803-0902 USA  Fax: 781/442-1692
