OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: [xacml] [schema] Notes from 7/15/02 meeting

2.  [Anne] Handling of multiple decisions
    [Michiharu response]

    Treat like separate evaluation for each element in resource
    hierarchy?  If treat together, how are effects combined?

    MUST a PDP provide separate evaluations if a hierachical
       resource is specified?

    CLOSED: As if separate evaluations are done.

    CLOSED: the response indicates which specific elements in a
       resource go with specific decisions.  This allows either a
       single evaluation, partial list of evaluations, or full
       list of evaluations.  Action could specify what is
       desired: e.g. "READ-ALL", "READ-EACH".  This is
       application specific.

3.  [Anne] Optional <Target> in Rule (since often same as Policy)

    a. Optional <Target> in Rule (already optional in 15g):
       semantics ::= "match"
    b. Define <Target> to be a choice
         1. urn:oasis:...:anyTarget, or
         2. <Subject>...</Subject>,<Resource>...</Resource>,...
       and use 1. for this case.
    c. Use <Subject>urn:oasis:...:any</Subject>,
       <Resource>urn:oasis:...:any</Resource> for this case.

    OPEN: Decide on 7/22/02.  We forgot to address this on 7/15.

15. [Daniel] mapping "numeric"

    CLOSED: version 1 uses just positive and negative integer and

16. [Anne] Target matching:
    [Michiharu response]
    [Michiharu new response]

    CLOSED: In a single AttributeDesignator in a Target element,
    at least one returned node must match the target value.  If a
    Target element includes more than one AttributeDesignator,
    then each AttributeDesignator must have at least one returned
    node that matches its target value.

    OPEN: Michiharu will propose a subset of XPATH by 7/18/02.

    OPEN: Michiharu will provide examples of the "namespace"
    attribute by 7/18/02.

    OPEN: We will study Michiharu's new response and decide on
    its issues on 7/22/02.

    OPEN: Tim will attempt to define Target conditions as a
    restriction on our Function definitions in 15i.  He hopes to
    have 15i ready on 7/16/02.

21. [Anne] {PolicySet|Policy|Rule}Designator issue

    CLOSED: Designators are not intended to tell *how* to retrieve
       the specified PolicySet, Policy, or Rule, merely to
       identify *which* is to be retrieved by Id.  The
       PolicySetDesignator and PolicyDesignator types do need to
       be a CHOICE rather than a SEQUENCE.

    OPEN: How about Assertion by reference?

22. [Daniel] Why Function has 1...inf of arguments?  Couldn't it
    be without arguments?

    CLOSED: Allow 0..inf arguments.  This supports a function
    that returns the value of "pi", or a function that returns
    the time-of-day, for example.

Anne H. Anderson             Email: Anne.Anderson@Sun.COM
Sun Microsystems Laboratories
1 Network Drive,UBUR02-311     Tel: 781/442-0928
Burlington, MA 01803-0902 USA  Fax: 781/442-1692

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC