[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: Re: [xacml] Version 0.7
Here are my comments on draft 0.7. Figure 1 - Data-flow diagram has an arrow 7 that is outgoing from PDP to Web service. I thought that the internal post-condition is consumed only in the PDP (e.g. as internal access history). This arrow does not match the description of line 146-151. Are there specific use case of Web service that requires internal post-conditions? Line 131-136 - Are resource classification and the requested action enough to identify the applicable policy? I agree that in most cases the resource classification and the requested action are used. But there is the case that the applicable policies are classified by subject attribute, for example, the policy for US citizens and the policy for not US citizens. In that case, there may be no need for specifying any resource classification. Thus , my suggestion is to add something like "principalClassification" to the "applicability" element and changes minOccurs attribute to "0" for all element under "applicability". regards, Michiharu Kudo From: Tim Moses <tim.moses@entrust.com> on 2001/11/28 01:28 Please respond to Tim Moses <tim.moses@entrust.com> To: "'XACML'" <xacml@lists.oasis-open.org> cc: Subject: [xacml] Version 0.7 Colleagues - Here is version 0.7, as we decided yesterday. All the best. Tim. ----------------------------------------- Tim Moses Tel: 613.270.3183
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC