xacml message

Subject: Re: [xacml] Concrete Proposal of ConditionReference (#7)

Seth Proctor wrote:
> In terms of the new schema, it seems to be coming along well, but I have 
> real issues with the addition of a CondRef mechanism. I think this is 
> just confusing things. Also, I think there are plenty of cases where the 
> same Definition could be used as a Condition and as an Apply. My vote 
> would definately be to stay with the original idea of having Ref/Def be 
> a single, simple mechanism, and let someone use a Ref instead of a 
> Condition. On a related note, I see no reason to remove the element 
> "Condition" and start just using Apply. The Condition has been in XACML 
> for a long time, and while removing it doesn't help anything (in my 
> opinion) it does move 2.0 further away from 1.x, which doesn't seem like 
> a good idea. It also confuses the idea of a Condition being a special 
> kind of Apply statement, which is a key idea. Again, my vote would be to 
> leave Condition as is.

At the risk of following-up to my own mail...

The point I'm trying to get at is that there seems to be a lot of change 
for change's sake here. I'm all for fixing things that are broken, or 
adding new features that are really needed, but let's not change things 
unless we actually need to. The Condition element is a clear and useful 
thing in XACML. Let's not change that unless we actually have to. This 
goes, in my mind, for all the 2.0 changes we're making, not just this 

To Simon & Michiharu - don't think I'm critisizing you at all here. I 
think what you're proposing has some real utility. I'm just trying to 
reality check things :)


