OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Subject: Re: Meta policy


> Colleagues - The topic of meta policy became clearer for me when it
> was described as a  specification of the virtual machine that executes
> the policy language.

i am with you there. this is actually a better description of the
concept i tried to formulate earlier today (the 'shim').

> For this reason, I propose that we worry about meta policy after we
> have chosen a syntax and we start into a description of the virtual
> machine that executes it.  When we encounter choices in our
> description of the machine, we are identifying candidate meta
> policies.  Hopefully, we will be able to select a single option for
> each of the choices and call the result the default meta policy.  The
> way will then be left open for others to make different choices and
> thereby define alternative meta policies.  These, however, could be
> out of scope for XACML v1.

whoa. remove the word 'hopefully' and the last two sentences and we are
in complete agreement :o)

to follow up on my rant from the f2f, non deterministic outcomes from a
given policy (+ environment parameters) is not acceptable in any version
of xacml from my perspective. that will immediately lead to numerous
implementations and the onerous (and i posit, largely unachievable) task
of trying to retrofit a few man years of vendor development effort via
promises of future technical elegance. once the xacml horse is out of
the gate compliance MUST equate to common determination, otherwise xacml
will become a YAML (Yet Another Marketing Label).

b


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Powered by eList eXpress LLC