

Subject: RE: [xacml] Questions about Context


 
-----Original Message-----
From: Tim Moses [mailto:tim.moses@entrust.com]
Sent: Tuesday, July 16, 2002 12:41 PM
To: 'XACML'
Subject: [xacml] Questions about Context

Colleagues - I have the following questions about Context.

1. Should we repeat Subject and Actions in the Response?  If there are multiple Subjects and Actions in the Request, will it always be clear which Subject was permitted which Action?
[Daniel Engovatov] I would think yes - repeat it.  It also facilitates asynchronous protocols. 

 2. Should we call "Other" "Environment"?  The term "Other" doesn't convey much information to the reader.
[Daniel Engovatov]  Agree. 

3. What is the purpose of the Qualifier attribute in the SubjectIdType definition?

4. In Policy.xsd we use the term "Designator" (policy, rule, attribute).  In Context.xsd we use the term "ResourceSpecifier".  Is this inconsistent?

5. In ResourceSpecifier the ResourceId is of type xs:anyURI.  Should this not be xs:string?  Otherwise, non-xml resource instances cannot be named.
[Daniel Engovatov] Absolutely.  I feel that, in general, XACML is too concentrated on this particular resource model.

6. The Scope element is in both the Request and the Response.  Do we need it in the Response?  Will one ever want to say the Request is permitted for children, but not for descendants, etc.?
[Daniel Engovatov] It should not, probably, be included in Response.  Response is only for the resource mentioned in the response.  If a separate response for descendants is needed, it should be provided separately - for all resources in scope.  

If B is a descendant of A, and you make a request for A+immediate children - how would you pick the scope for B in the response?  If it is B+children - you are getting information you did not ask for.  It is inconsistent.

Do we need a discussion to answer these questions?  All the best.  Tim.

-----------------------------------------
Tim Moses
Tel: 613.270.3183


