OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

xacml-dev message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Request for requirements:must XACML policy references match internalpolicy identifiers?

The OASIS XACML Technical Committee is considering specifying the
requirements on the PolicyIdReference and PolicySetIdReference elements
more explicitly in XACML 3.0.  We would like feedback from XACML users
and developers regarding the impact of this change.

Proposed change:

     The value included in a Policy[Set]IdReference element SHALL
     match the value of the Policy[Set]Id XML attribute in the
     referenced policy.

The current specifications do not clearly state this as a requirement.

The XACML TC would like feedback from any implementers or users who
would be affected by this proposed change.  Clearly, there must be only
one Policy[Set] that can match any given Policy[Set]IdReference, but
there are at least two use cases for letting different values in
Policy[Set]IdReference instances refer to the same Policy[Set]: for
examples, see

If you depend on allowing policy references that do NOT match the
internal policy identifiers, please

1) Send us your use case(s).
2) Indicate whether your usage is in a research implementation or in a
commercial planned or production system.
3) Let us know how difficult it would be for your system to adapt to the
proposed change, if it were made.

You are also invited to send use cases where the proposed change would
simplify your usage of XACML.

Anne Anderson
Anne H. Anderson             Email: Anne.Anderson@Sun.COM
Sun Microsystems Laboratories
1 Network Drive,UBUR02-311     Tel: 781/442-0928
Burlington, MA 01803-0902 USA  Fax: 781/442-1692

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]