Subject: [xacml] [Text Change] Appendix B: Describe XACML attributes better


CHANGE REQUEST:
1. B.5 Subject attributes: Change initial paragraph from:

   "These identifiers indicate attributes of a subject.  At most
    one of each of these attributes is associated with each
    subject.  Each attribute associated with authentication
    relates to the same authentication event."

   To:

   "These identifiers indicate attributes of a subject.  When
    used, they SHALL appear within a <Subject> element of the
    Request Context.  They SHALL be accessed via a
    SubjectAttributeDesignator, a
    QualifiedSubjectAttributeDesignator, or an AttributeSelector
    pointing into a <Subject> element of the Request Context.

    At most one of each of these attributes is associated with
    each subject.  Each attribute associated with authentication
    included within a single <Subject> element relates to the
    same authentication event."

2. B.6 Resource attributes: Add introductory sentence saying:

   "These identifiers indicate attributes of the resource being
    accessed.  When used, they SHALL appear within the <Resource>
    element of the Request Context.  They SHALL be accessed via a
    ResourceAttributeDesignator or an AttributeSelector pointing
    into the <Resource> element of the Request Context."

3. B.7 Action attributes: Add introductory sentence saying:

   "These identifiers indicate attributes of the resource being
    accessed.  When used, they SHALL appear within the <Action>
    element of the Request Context.  They SHALL be accessed via an
    ActionAttributeDesignator or an AttributeSelector pointing
    into the <Action> element of the Request Context."

4. B.8 Environment attributes: Add introductory sentence saying:

   "These identifiers indicate attributes of the environment
    within which the request is to be evaluated.  When used, they
    SHALL appear within the <Resource> element of the Request
    Context.  They SHALL be accessed via an
    EnvironmentAttributeDesignator or an AttributeSelector
    pointing into the <Environment> element of the Request
    Context."

RATIONALE: the way in which these attributes are to be used is
not explicitly stated anywhere.  While the names imply a usage,
it would be more clear to implementors if the usage were more
explicit.

Anne
-- 
Anne H. Anderson             Email: Anne.Anderson@Sun.COM
Sun Microsystems Laboratories
1 Network Drive,UBUR02-311     Tel: 781/442-0928
Burlington, MA 01803-0902 USA  Fax: 781/442-1692
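
Added example, not part of the original message or of the specification text: a small checker that applies the placement rules proposed above to a Request Context and flags Appendix B identifiers found in the wrong element, plus a repeated identifier within one <Subject>. The function name check_request, the helper _attr and the sample request are constructed for illustration, and mapping environment identifiers to <Environment> is an assumption taken from the designator wording in item 4.

```python
import xml.etree.ElementTree as ET

PREFIX = "urn:oasis:names:tc:xacml:1.0:"
# Identifier category -> Request Context element expected to carry it.
# Mapping "environment" to <Environment> is an assumption of this example.
EXPECTED = {"subject": "Subject", "resource": "Resource",
            "action": "Action", "environment": "Environment"}

def _attr(name, xsd_type, value):
    """Build one constructed <Attribute> element as text (hypothetical helper)."""
    return ('<Attribute AttributeId="%s%s" '
            'DataType="http://www.w3.org/2001/XMLSchema#%s">'
            '<AttributeValue>%s</AttributeValue></Attribute>'
            % (PREFIX, name, xsd_type, value))

# Constructed sample: subject-id appears twice in one <Subject>, and an
# environment identifier sits inside <Resource>.
SAMPLE = "".join([
    '<Request xmlns="urn:oasis:names:tc:xacml:1.0:context">',
    "<Subject>", _attr("subject:subject-id", "string", "alice"),
    _attr("subject:subject-id", "string", "bob"), "</Subject>",
    "<Resource>", _attr("resource:resource-id", "anyURI", "file:///r/1"),
    _attr("environment:current-time", "time", "12:00:00Z"), "</Resource>",
    "<Action>", _attr("action:action-id", "string", "read"), "</Action>",
    "</Request>"])

def check_request(xml_text):
    """Return (kind, attribute_id, container) findings for a Request Context."""
    # Parse only trusted input this way; use a hardened parser otherwise.
    findings = []
    for section in ET.fromstring(xml_text):
        container = section.tag.rsplit("}", 1)[-1]   # drop the XML namespace
        seen = set()
        for attr in section:                         # direct children only
            if attr.tag.rsplit("}", 1)[-1] != "Attribute":
                continue
            attr_id = attr.get("AttributeId", "")
            if not attr_id.startswith(PREFIX):
                continue                             # not an Appendix B identifier
            category = attr_id[len(PREFIX):].split(":", 1)[0]
            if category not in EXPECTED:
                continue
            if EXPECTED[category] != container:
                findings.append(("misplaced", attr_id, container))
            elif container == "Subject" and attr_id in seen:
                findings.append(("duplicate", attr_id, container))
            seen.add(attr_id)
    return findings

if __name__ == "__main__":
    for finding in check_request(SAMPLE):
        print(finding)
```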


