Some issues about WD-17

["Diego M. Gonzalez" <diegog@lagash.com>]

Hi,

 

I was reading the XACML 2.0 WD-17 and I found some issues that I'll like to raise to the TC.

 

 - What happens with the resource attributes defined in 1.1? They will be not supported in 2.0?

 - In line 4000 (wd-17) there is a reference to the type "urn:oasis:names:tc:xacml:2.0:data-type:ipAddress", but in the line 3987, there is a data type named "urn:oasis:names:tc:xacml:1.0:data-type:ipAddress". Which one is valid?

 - In line 4011 (wd-17) there is a reference to the type "urn:oasis:names:tc:xacml:1.0:data-type:dnsName", but in the line 3988, there is a data type named "urn:oasis:names:tc:xacml:1.0:data-type:ipAddress". Which one is valid?

 - DnsName and ipAddress are new data types, but the section 10.2.8 have not been updated with the functions supported for those data types. This is still pending?

 - In the section 10.2.8, there is a new function added "urn:oasis:names:tc:xacml:2.0:function:time-in-range" which is named "urn:oasis:names:tc:xacml:1.0:function:time-in-range" in line 4355. Which one is valid?

 - The section 10.2.7, was not updated with the new data types defined in A.2, those data types are still under discussion?

 

 - The functions that apply to any type with the name <type>-equal, <type>-greater-than, <type>-greater-than-or-equal, etc (described in the section 7.5). In the spec they, are preceded by "urn:oasis:names:tc:xacml:2.0:function", it means the name of the funtions of the previous version are not valid anymore? It means that V2 policies can't have V1 functions? The other functions described in the spec in section 1.2.8 and A.3 keeps the same old prefix used for V1 "urn:oasis:names:tc:xacml:1.0:function", is any typo error in the spec?

 

Thanks,

Diego González

Lagash Systems SA