[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [xacml] XACML Profile for Role Based Access Control (RBAC)
Attached is a version that uses "Committee Draft". It specifies the Location for the file as the same URL used previously, but with the file name changed from cs-* to cd-*. I will request this URL from the OASIS webmaster. Anne On 13 February, Hal Lockhart writes: RE: [xacml] XACML Profile for Role Based Access Control (RBAC) > From: Hal Lockhart <hlockhar@bea.com> > To: Anne.Anderson@Sun.COM, XACML TC <xacml@lists.oasis-open.org> > Subject: RE: [xacml] XACML Profile for Role Based Access Control (RBAC) > Date: Fri, 13 Feb 2004 10:46:46 -0500 > > Sorry Anne, there is no longer such a thing as a Committee Specification at OASIS. What we approved is a Committee Draft. > > I imagine we can wait until you return from vacation to get this fixed, but I ask others not to circulate this version until we get the header fixed. > > Hal > > > -----Original Message----- > > From: Anne Anderson [mailto:Anne.Anderson@Sun.COM] > > Sent: Friday, February 13, 2004 9:43 AM > > To: XACML TC > > Cc: Anne.Anderson@Sun.COM > > Subject: [xacml] XACML Profile for Role Based Access Control (RBAC) > > > > > > Colleagues, > > > > I have re-formatted the RBAC profile as a Committee > > Specification, and this new version is attached as a PDF file. I > > have cleaned up lots of formatting, spelling, grammar, > > etc. errors that were in the working draft. > > > > Three notes, the first of which concerns a change that perhaps > > exceeds the bounds of editorial discretion: > > > > 1) Section 1.5 Multi-Role Permissions > > > > Previously, this non-normative section said: > > > > "The permissions associated with a given Multi-Role > > <PolicySet>, however, may be inherited only by other > > multi-role policies that require a superset of the roles > > required by the given multi-role policy. This is because > > the <Target> of the Role <PermissionSet> associated with the > > multi-role policy will screen out any Subject that does not > > possess at least the set of roles required by the given > > multi-role policy." > > > > During my close edit reading, I realized that this statement > > is incorrect and also conflicts with the rest of the document; > > it assumed that the other role would include the multi-role > > Role <PolicySet>, which include the role-restricting Target, > > rather than the multi-role Permission <PolicySet>, which > > contains an "any" Target. Elsewhere, the text is very clear > > that to include the permissions of another role, you include > > that role's Permission <PolicySet>, not that role's Role > > <PolicySet>. > > > > I have reworded this to say: > > > > "The permissions associated with a given multi-role <PolicySet> > > may also be inherited by another role if the other role > > includes a reference to the Permission <PolicySet> associated > > with the multi-role policy in its own Permission <PolicySet>." > > > > If anyone objects to this change, please say so. > > > > 2) The line numbers in the examples use a different line number > > sequence from the line numbers in the rest of the text. This > > seems to be a "feature" of StarOffice, so I hope you can live > > with it. The line numbers in the examples end in a ".", > > whereas the line numbers in the text do not, so it is possible > > to specify the series of numbers to which you are referring. > > > > 3) The document's title page says its location is > > "http://docs/oasis-open.org/xacml/cs-xacml-rbac-profile-01.pdf". > > The document is not located there now (since this edit has not > > been approved yet), but will be uploaded into the location by > > the OASIS webmaster once I give her the version to use. This > > makes use of a little-known OASIS manual mechanism for > > reserving a URL for use by a committee specification or > > standard rather than using the Kavi repository, which assigns > > the URL only as it is being uploaded. > > > > I will wait a decision from the chairs as to when this version > > should be uploaded as the accepted Committee Specification. > > > > Anne > > -- > > Anne H. Anderson Email: Anne.Anderson@Sun.COM > > Sun Microsystems Laboratories > > 1 Network Drive,UBUR02-311 Tel: 781/442-0928 > > Burlington, MA 01803-0902 USA Fax: 781/442-1692 > > > > > > To unsubscribe from this mailing list (and be removed from the roster of the OASIS TC), go to http://www.oasis-open.org/apps/org/workgroup/xacml/members/leave_workgroup.php. > -- Anne H. Anderson Email: Anne.Anderson@Sun.COM Sun Microsystems Laboratories 1 Network Drive,UBUR02-311 Tel: 781/442-0928 Burlington, MA 01803-0902 USA Fax: 781/442-1692
XACML Profile for Role Based Access Control (RBAC) - CD
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]