OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [xacml] Rule References

I would fully agree with that.


-----Original Message-----
From: Polar Humenn [mailto:polar@syr.edu] 
Sent: Thursday, June 05, 2003 5:16 AM
Subject: [xacml] Rule References

As I understand it, it looks like Rule References are still going to be an
element of XACML. I think I am opposed to this. Before, a Policy was a
defined set of rules with a defined combining algorithm. We decided a long
time ago that a The policy was the smallest point of administration, and
it was completely semantically defined. Sticking them outside the policy
breaks that.

I don't think I mind if rules are defined in the policy and referenced 
multiple times within the policy, although I don't see much of a point at 
the rule level, but can see how this can work at the Condition level, i.e. 
combining different conditions which are previously defined within the 
same policy. Rule References seem to be defined as anyURIs and that brings 
them outside of the policy.

Once rules incorporated referenced from outside the policy, it becomes 
unwieldy, as you cannot specify the evaluation semantics of a policy in 
the face of dynamically updating outside rules.

Rules can change dynamically underneath the URI. I don't like this.

This will also blow any hope of using XACML within the CORBA policy 
management model for the Resource Access Decision facitity, as the Policy 
is the smallest point of administration.

Unfortunately, I'm in Paris :) at the OMG meeting, and I will not be able
to make the con call today. I've been trying to follow dicussions, but I 
must admit to be lax somewhat due to other work and travel. I've been on 
the road for 3 weeks now. Ugghh. I should be home next week.


You may leave a Technical Committee at any time by visiting

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]