xacml message
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [List Home]
Subject: RE: [xacml] WSPL - XACML gap analysis
- From: Tim Moses <tim.moses@entrust.com>
- To: "'Anne.Anderson@Sun.com'" <Anne.Anderson@Sun.com>,Tim Moses <tim.moses@entrust.com>
- Date: Tue, 11 Mar 2003 10:56:45 -0500
Anne - I think the requirements of reliable-messaging and transactions are
trivial compared with those of crypto-security, authorization and privacy.
Reliable-messaging policies (for instance) need to indicate whether a
function (e.g. acknowledgments or message-sequence integrity)) is supported
or not, and what the minimum permissible resend interval is, or what the
maximum storage interval for message identifiers is. So, I believe the
functions defined in XACML v1.0 are sufficient for these cases.
All the best. Tim.
-----Original Message-----
From: Anne Anderson [mailto:Anne.Anderson@Sun.com]
Sent: Tuesday, March 11, 2003 10:49 AM
To: Tim Moses
Cc: 'XACML'
Subject: Re: [xacml] WSPL - XACML gap analysis
On 11 March, Tim Moses writes: [xacml] WSPL - XACML gap analysis
> Colleagues - Here is an initial stab at a gap analysis. I compare XACML
> v1.0 with the requirements listed here ...
>
> http://lists.oasis-open.org/archives/xacml/200303/msg00014.html
>
> Category 1 (Satisfied and adequately explained in XACML v1.0): R1, R4,
R5,
> R6, R7, R13, R14, R15, R16.
>
> Category 2 (Satisfied in XACML v1.0, but fuller explanation required):
R2,
> R3, R8 (use <Target> element), R11.
>
> Category 3 (Needs features not found in XACML v1.0):
>
> R9 - WSS-QoP describes how to reference policy from WSDL and SOAP.
> R10 - Needs the reintroduction of orderedOr and orderedAnd functions with
an
> explanation of their semantics.
> R12 - Needs a way to reference the result of an operation.
>
> R2 and R3, I think, are the most substantial pieces of work.
>
> Any comments? All the best. Tim.
Tim, once again, thanks for doing this work. I agree that R2 and
R3 are the most substantial pieces of work.
For R4 and R6, we MAY need to add data-types and associated
functions specific to DSIG/DENC info (ways to compare
cryptographic algorithm specifications along with their
parameters).
Are there other types of information that will be common in
crypto-security policy, authentication policy, reliable-messaging
policy, or transaction policy for which it would be helpful to
specify new data types and operations?
Anne
--
Anne H. Anderson Email: Anne.Anderson@Sun.COM
Sun Microsystems Laboratories
1 Network Drive,UBUR02-311 Tel: 781/442-0928
Burlington, MA 01803-0902 USA Fax: 781/442-1692
----------------------------------------------------------------
To subscribe or unsubscribe from this elist use the subscription
manager: <http://lists.oasis-open.org/ob/adm.pl>
����
����
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [List Home]