[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: RE: [xacml] request and response context schema
Hi Simon,
----------
From: Simon Godik[SMTP:simon@godik.com]
Sent: Tuesday, May 07, 2002 12:05 PM
To: xacml@lists.oasis-open.org
Subject: [xacml] request and response context schema
Here is context schema with request context and response context.
Simion
Thank you very much for putting this request and response context together. I think it captures the content of our F2F and subsequent discussions very well.
I just have a few comments.
1) In AttributeDesignator, should Issuer be a string or an anyURI? You currently have it as an anyURI but I wonder if string would be a better choice (note that it is a string in the SAML Assertion).
2) In ResourceSpecifier, I would suggest changing "ResourceURI" to something like "ResourceLocator", since this more clearly says what it is for. Also, I would add another attribute called "ResourceName" (of type anyURI).
3) It is not clear to me why DecisionType has been defined. It seems to me that in many cases it will not give sufficient information (in particular, "Permit Read FileX" is not an appropriate answer if the question is "can Joe Read FileX?").
4) If DecisionType is kept, Action should be of type string (not anyURI), and I would recommend adding the element AbstractPrincipal (to address my concern in (3)). All three pieces of information (i.e., ResourceName, Action, and AbstractPrincipal) should be optional.
Carlisle.
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC