[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [xacml-users] Chronicle Attribute
Hi Daniel yes encoding IDs would be one solution. Erik already suggested combining Chronicle with the obligation ID, but I thought it would potentially explode the number of IDs that would need to be defined in any profile. Furthermore it is difficult to specify how a common factor is placed into all IDs. In your example you tend to suggest that each ID after the ? separator will be potentially infinite in content. But if many IDs have common components that could be factored out, then this would argue for separate attributes for each common factor. I think the obligations category work described at http://wiki.oasis-open.org/xacml/ProposalForObligations is taking this latter approach isnt it? So to conclude, as a short term measure, to remain conformant to XACMLv2, we can specify timing encodings for obligation IDs, but as a longer term solution, obligation categories or families can provide a common way of specifying timings for all obligations. regards David Daniel Engovatov wrote: > Why not just add this as a part of the obligation URI identifier? > RFC3986 provides a lot of options. Some thing like > foo://example.com/obligations/blah/fulfill?time=before#fast > > It is a slippery slope. Obligation is a black box. Selecting some > particular facet to standardize - be it "when", or "how", or "why" or > who should sign off, or how many times to try, will not make obligations > any more interoperable - and should not be part of a standard. At the > very least it should be very generic - folks may want some different > time ontologies to be used in other applications. > > Daniel. > > Notice: This email message, together with any attachments, may contain information of BEA Systems, Inc., its subsidiaries and affiliated entities, that may be confidential, proprietary, copyrighted and/or legally privileged, and is intended solely for the use of the individual or entity named in this message. If you are not the intended recipient, and have received this message in error, please immediately return this by email and then delete it. > > --------------------------------------------------------------------- > To unsubscribe, e-mail: xacml-users-unsubscribe@lists.oasis-open.org > For additional commands, e-mail: xacml-users-help@lists.oasis-open.org > > -- ***************************************************************** David W. Chadwick, BSc PhD Professor of Information Systems Security The Computing Laboratory, University of Kent, Canterbury, CT2 7NF Skype Name: davidwchadwick Tel: +44 1227 82 3221 Fax +44 1227 762 811 Mobile: +44 77 96 44 7184 Email: D.W.Chadwick@kent.ac.uk Home Page: http://www.cs.kent.ac.uk/people/staff/dwc8/index.html Research Web site: http://www.cs.kent.ac.uk/research/groups/iss/index.html Entrust key validation string: MLJ9-DU5T-HV8J PGP Key ID is 0xBC238DE5 *****************************************************************
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]