OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Subject: [xacml] FW: Proposal (no longer a mystery!) for the path forward...


Title: FW: Proposal (no longer a mystery!) for the path forward...


----------
From:   Carlisle Adams
Sent:   Monday, February 11, 2002 2:39 PM
To:     'Anne Anderson'
Subject:        RE: Proposal (no longer a mystery!) for the path forward...

Hi Anne,

Thanks for raising these points.  Some quick responses before it's time for our teleconference...

With respect to your point 1:  I agree.  On the other hand, Simon and Pierangela at least (and perhaps others as well) certainly seem to have the idea in mind that some sort of administration point pumps out isolated rules.  All I wanted to do was understand this and embrace it in an overall model, recognizing explicitly that there are rules, policies (perhaps layered) and meta-policies.

With respect to 2:  I was going to address this but didn't.  Database entries need to be indexed and cross-referenced in some way that will allow efficient retrieval.  I'm not a database expert and so I'm hoping that someone who is will help us all to understand this better.  My guess at the moment, though, is that anything that is only about subject attributes will be put in a "subject" element, anything that is only about an action will be put in an "action" element, and everything that has to do with the resource, including all the mixtures (e.g., comparison of resource and action attributes), will be put in a "resource" element.

With respect to 3:  This is what you and I discussed before and, until convinced otherwise, I still seem to be in favour of my original opinion.  Yes, the Office of Age Discrimination (OAD) writes such a policy and does not know if additional policies should also apply to employees over 55 and does not know what policies apply to employees under 55.  No disagreement there.  But all this means is that the OAD does not write a higher-level policy that combines its over-55 policy with other policies, and it does not write the meta-policy for the PDP.  This is entirely reasonable; you wouldn't expect it to write either of those policies.  If a higher-level policy will be written, then whoever writes that will certainly need to know about the OAD policy as well as all others that are relevant and will combine them appropriately.  The same is true for the meta-policy writer:  that PAP may not know the details of the OAD policy (in fact, it is unlikely to), but it will know that OAD-issued policies do not override all other policies (otherwise only those forms meeting the OAD policy will ever get approved) and so it will put stuff issued by OAD into an OR with policies issued by other authorities.

Carlisle.



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Powered by eList eXpress LLC