Subject: Request for requirements:must XACML policy references match internalpolicy identifiers?
The OASIS XACML Technical Committee is considering specifying the requirements on the PolicyIdReference and PolicySetIdReference elements more explicitly in XACML 3.0. We would like feedback from XACML users and developers regarding the impact of this change. Proposed change: The value included in a Policy[Set]IdReference element SHALL match the value of the Policy[Set]Id XML attribute in the referenced policy. The current specifications do not clearly state this as a requirement. The XACML TC would like feedback from any implementers or users who would be affected by this proposed change. Clearly, there must be only one Policy[Set] that can match any given Policy[Set]IdReference, but there are at least two use cases for letting different values in Policy[Set]IdReference instances refer to the same Policy[Set]: for examples, see http://lists.oasis-open.org/archives/xacml/200703/msg00076.html If you depend on allowing policy references that do NOT match the internal policy identifiers, please 1) Send us your use case(s). 2) Indicate whether your usage is in a research implementation or in a commercial planned or production system. 3) Let us know how difficult it would be for your system to adapt to the proposed change, if it were made. You are also invited to send use cases where the proposed change would simplify your usage of XACML. Regards, Anne Anderson -- Anne H. Anderson Email: Anne.Anderson@Sun.COM Sun Microsystems Laboratories 1 Network Drive,UBUR02-311 Tel: 781/442-0928 Burlington, MA 01803-0902 USA Fax: 781/442-1692