OASIS Mailing List Archives

Subject: RE: [xacml] WSPL - XACML gap analysis

Anne - I think the requirements of reliable-messaging and transactions are
trivial compared with those of crypto-security, authorization and privacy.
Reliable-messaging policies (for instance) need to indicate whether a
function (e.g. acknowledgments or message-sequence integrity) is supported
or not, and what the minimum permissible resend interval is, or what the
maximum storage interval for message identifiers is.  So, I believe the
functions defined in XACML v1.0 are sufficient for these cases.

All the best.  Tim.

-----Original Message-----
From: Anne Anderson [mailto:Anne.Anderson@Sun.com]
Sent: Tuesday, March 11, 2003 10:49 AM
To: Tim Moses
Subject: Re: [xacml] WSPL - XACML gap analysis

On 11 March, Tim Moses writes: [xacml] WSPL - XACML gap analysis
 > Colleagues - Here is an initial stab at a gap analysis.  I compare XACML
 > v1.0 with the requirements listed here ...
 > http://lists.oasis-open.org/archives/xacml/200303/msg00014.html
 > Category 1 (Satisfied and adequately explained in XACML v1.0): R1, R4,
 > R6, R7, R13, R14, R15, R16.
 > Category 2 (Satisfied in XACML v1.0, but fuller explanation required):
 > R3, R8 (use <Target> element), R11.
 > Category 3 (Needs features not found in XACML v1.0):
 > R9 - WSS-QoP describes how to reference policy from WSDL and SOAP.
 > R10 - Needs the reintroduction of orderedOr and orderedAnd functions with
 > explanation of their semantics.
 > R12 - Needs a way to reference the result of an operation.
 > R2 and R3, I think, are the most substantial pieces of work.
 > Any comments?  All the best.  Tim.

Tim, once again, thanks for doing this work.  I agree that R2 and
R3 are the most substantial pieces of work.

For R4 and R6, we MAY need to add data-types and associated
functions specific to DSIG/DENC info (ways to compare
cryptographic algorithm specifications along with their

Are there other types of information that will be common in
crypto-security policy, authentication policy, reliable-messaging
policy, or transaction policy for which it would be helpful to
specify new data types and operations?

Anne H. Anderson             Email: Anne.Anderson@Sun.COM
Sun Microsystems Laboratories
1 Network Drive,UBUR02-311     Tel: 781/442-0928
Burlington, MA 01803-0902 USA  Fax: 781/442-1692
