OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Subject: RE: [xacml] Minutes of 25 March Policy Model teleconference



Personally I would like to see a version 12 with all the resolutions in
it, so that we can start working on issues with the document, and not the
model itself.

This leads me to one question. I have taken on an action item about
creating text about the PDP's evaluation of a single base policy that we
could all be happy with. This situation came about after I complained
about it, of course. :)

I would rather instead of submitting text for an issues document, which is
largely just maintained for historical purposes, submit editing
instructions for the XACML document itself.

However, as I look for the appropriate place for such text, I find that
the only sections that it applies are NON-NORMATIVE, which serves only as
an explanation but does not stipulate requirements. This IS FINE WITH ME!
:)  However, I was under the impression that we were writing conformance
points for the operation of a PDP and PEP. I believe that is where we get
into trouble. Which is the point of contention with me.

It seems that the normative part of the specification is the language and
its semantics. Which really says nothing about the PDP or the PEP, other
than a PDP shall evaluate a policy and along with some inputs according to
the well specified semantics of the language.

The NON-NORMATIVE part, i.e. Section 4 (Models) specifically, 4.1. Data
Flow Model, is primarily there for explanation and context. The data flow
model is not required implemented as separate components and the whole
thing can be viewed as a PEP from the get-go.

Am I correct on this interpretation?

So, I am at a loss about what to write and where. All I want to write is
specifically, given a XACML policy and inputs of Subject, Resource,
Environment, and a SAML Authorization Decision request, a PDP shall
evaluate such request against the policies and inputs according to the
semantics of the Normative part of the spec, i.e. Rules, Policies, and
Policy Combinations.

Cheers,
-Polar






[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Powered by eList eXpress LLC