RE: [xacml] WS-Policy and XACML comparison

[Anne Anderson <Anne.Anderson@Sun.com>]

On 26 February, Tim Moses writes: RE: [xacml] WS-Policy and XACML comparison
 > Colleagues - The persuasiveness of Anne's argument is inescapable.  I
 > propose the following use-cases as a starting point.  All the best.  Tim.
 > 
 > 1.a.  Provider decision - Service provider decides whether a request is
 > conformant with the applicable part of its policy.
 > 1.b.  Consumer decision - Service consumer decides whether a response is
 > conformant with the applicable part of its policy.
 > 2.a.  Construct request - Service consumer forms a request that is
 > simultaneously conformant with the applicable part of its own and the
 > service provider's policy, or returns a fault.
 > 2.b.  Construct response - Service provider forms a response that is
 > simultaneously conformant with the applicable part of its own and the
 > service consumer's policy, or returns a fault.
 > 3.  Forward decision - Subsequent process-step decides whether a request is
 > conformant with its own and the information owner's policy.

Tim,

Could you clarify these use cases for me?

- Is "Provider decision" the same as a PDP decision?

- Is the "response" in "Consumer decision" the response by the
  service provider to the service request?  I have been assuming
  that most of the policies for the format, security, etc. of the
  response to the service request would have been negotiated as
  part of the service request, and that, often, the service
  consumer would not even be able to understand a response that
  was not in the mutually agreed upon format (for example,
  encrypted using an algorithm the consumer does not support).

- What does "its" refer to in "Forward decision"?  The service
  provider?  How is this different from "provider decision"?

Thanks,
Anne
-- 
Anne H. Anderson             Email: Anne.Anderson@Sun.COM
Sun Microsystems Laboratories
1 Network Drive,UBUR02-311     Tel: 781/442-0928
Burlington, MA 01803-0902 USA  Fax: 781/442-1692