[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [xacml] condition reference text (item 7)
How would it ensure that the type of the expression is Boolean? -----Original Message----- From: Tim Moses [mailto:tim.moses@entrust.com] Sent: Monday, March 15, 2004 9:51 AM To: 'Polar Humenn'; 'Anne Anderson' Cc: Tim Moses; 'xacml@lists.oasis-open.org' Subject: RE: [xacml] condition reference text (item 7) Colleagues - So, shall I proceed with the approach: retain <Condition> and define it to contain a single <Expression> element? Is this agreed? All the best. Tim. -----Original Message----- From: Polar Humenn [mailto:polar@syr.edu] Sent: Monday, March 15, 2004 10:51 AM To: Anne Anderson Cc: Tim Moses; 'xacml@lists.oasis-open.org' Subject: RE: [xacml] condition reference text (item 7) The orginal problem here, was that Condition extended ApplyType, which I thought was a bad idea, as it simulcast a Condition as a function, rather than contain it. If a Condition was an element containing an expression, then it wouldn't be a problem. However, since we are not really maintaining backward compatibility, for the reasons Tim and Anne state about "talking about" the condition of a rule, I can see that the proposal can handle something of the form. <Condition> <Apply FunctionId="string-equal"> ..... </Apply> </Condition> Or <Condition> <VariableRef VariableId="x"/> </Condition> or even <Condition> <AttributeValue Datatype="boolean>True</AttributeValue> </Condition> as long as the content is a boolean typed expression. Admittedly, this approach adds 23 characters to each rule, but what the hey, they only weigh 0.0003421 nanonewtons. Is that an acceptable compromise? Cheers, -Polar On Fri, 12 Mar 2004, Anne Anderson wrote: > On 12 March, Tim Moses writes: RE: [xacml] condition reference text > (item 7) > Colleagues - I have just realized how much work this is > going to be. In > addition to the specific changes described by > Simon, all the examples are > affected and the introductory material, > including the class diagram are > affected. This is going to take > some time. > > I would like to see formal acceptance of the proposal > as soon as possible, > because backtracking doesn't look like an > appealing option. > > > Personally, I lament the passing of <Condition>. The part of <Rule> that > > complements <Target> is a significant independent concept that deserves its > > own name. Anyone who has to explain XACML will have to refer to it. With > > the passing of <Condition>, they'll have to talk about "the child > > <Expression> element of the <Rule> element" or some such. Global replace > > may work for the editor, but it is not a very attractive prospect for the > > reader. > > > > Does anyone else feel that this idea needs a name of its own? > > Yes, I do. The type of the Condition element can be shared with the > other expressions, but giving the element that contains the set of > predicates for a Rule its own name is a minor addition with major > readability benefits. > > The counter argument might be that people won't read XACML policies, > and the tools that generate them don't care what the name is. As > someone who frequently presents and explains XACML to customers and > partners, I can attest that being able to present readable, short > examples is essential to obtaining broader acceptance for XACML. We > will not have many tools until enough human readers have decided XACML > is a good language. > > Anne > > > All the best. Tim. > > > > -----Original Message----- > > From: Tim Moses [mailto:tim.moses@entrust.com] > > Sent: Thursday, March 11, 2004 9:16 AM > > To: 'Simon Godik'; 'xacml@lists.oasis-open.org' > > Subject: RE: [xacml] condition reference text (item 7) > > > > > > Simon - Thanks. I'll incorporate into, and issue, a Draft 07, on > the > assumption that, if and when there is a vote on this subject, > the vote will > be to accept. If not, we can always backtrack. All > the best. Tim. > > -----Original Message----- > > From: Simon Godik [mailto:simon.godik@overxeer.com] > > Sent: Wednesday, March 10, 2004 11:10 PM > > To: xacml@lists.oasis-open.org > > Subject: [xacml] condition reference text (item 7) > > > > > > Hi Tim, > > Here is condition reference text and schema. Text is adopted (with some > > additions) from Polar's email > > > > Simon > > > > <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> > > <HTML><HEAD> > > <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=US-ASCII"> > > <TITLE>Message</TITLE> > > > > <META content="MSHTML 6.00.2737.800" name=GENERATOR> > > <STYLE></STYLE> > > </HEAD> > > <BODY bgColor=#ffffff> > > <DIV><SPAN class=294413914-12032004><FONT face=Arial color=#0000ff > > size=2>Colleagues - I have just realized how much work this is going to > > be. In addition to the specific changes described by Simon, all the > > examples are affected and the introductory material, including the class diagram > > are affected. This is going to take some time.</FONT></SPAN></DIV> > > <DIV><SPAN class=294413914-12032004><FONT face=Arial color=#0000ff > > size=2></FONT></SPAN> </DIV> > > <DIV><SPAN class=294413914-12032004><FONT face=Arial color=#0000ff size=2>I > > would like to see formal acceptance of the proposal as soon as possible, because > > backtracking doesn't look like an appealing option.</FONT></SPAN></DIV> > > <DIV><SPAN class=294413914-12032004><FONT face=Arial color=#0000ff > > size=2></FONT></SPAN> </DIV> > > <DIV><SPAN class=294413914-12032004><FONT face=Arial color=#0000ff > > size=2>Personally, I lament the passing of <Condition>. The part of > > <Rule> that complements <Target> is a significant independent > > concept that deserves its own name. Anyone who has to explain XACML will > > have to refer to it. With the passing of <Condition>, they'll have > > to talk about "the child <Expression> element of > > the <Rule> element" or some such. Global replace may work for > > the editor, but it is not a very attractive prospect for the > > reader.</FONT></SPAN></DIV> > > <DIV><SPAN class=294413914-12032004><FONT face=Arial color=#0000ff > > size=2></FONT></SPAN> </DIV> > > <DIV><SPAN class=294413914-12032004><FONT face=Arial color=#0000ff size=2>Does > > anyone else feel that this idea needs a name of its own?</FONT></SPAN></DIV> > > <DIV><SPAN class=294413914-12032004><FONT face=Arial color=#0000ff > > size=2></FONT></SPAN> </DIV> > > <DIV><SPAN class=294413914-12032004><FONT face=Arial color=#0000ff size=2>All > > the best. Tim.</FONT></SPAN></DIV> > > <BLOCKQUOTE dir=ltr style="MARGIN-RIGHT: 0px"> > > <DIV></DIV> > > <DIV class=OutlookMessageHeader lang=en-us dir=ltr align=left><FONT > > face=Tahoma size=2>-----Original Message-----<BR><B>From:</B> Tim Moses > > [mailto:tim.moses@entrust.com] <BR><B>Sent:</B> Thursday, March 11, 2004 9:16 > > AM<BR><B>To:</B> 'Simon Godik'; > > 'xacml@lists.oasis-open.org'<BR><B>Subject:</B> RE: [xacml] condition > > reference text (item 7)<BR><BR></FONT></DIV> > > <DIV><SPAN class=282001414-11032004><FONT face=Arial color=#0000ff > > size=2>Simon - Thanks. I'll incorporate into, and issue, a Draft 07, on > > the assumption that, if and when there is a vote on this subject, the vote > > will be to accept. If not, we can always backtrack. All the > > best. Tim.</FONT></SPAN></DIV> > > <BLOCKQUOTE dir=ltr style="MARGIN-RIGHT: 0px"> > > <DIV></DIV> > > <DIV class=OutlookMessageHeader lang=en-us dir=ltr align=left><FONT > > face=Tahoma size=2>-----Original Message-----<BR><B>From:</B> Simon Godik > > [mailto:simon.godik@overxeer.com] <BR><B>Sent:</B> Wednesday, March 10, 2004 > > 11:10 PM<BR><B>To:</B> xacml@lists.oasis-open.org<BR><B>Subject:</B> [xacml] > > condition reference text (item 7)<BR><BR></FONT></DIV> > > <DIV><FONT face=Arial size=2>Hi Tim,</FONT></DIV> > > <DIV><FONT face=Arial size=2>Here is condition reference text and schema. > > Text is adopted (with some additions) from Polar's email</FONT></DIV> > > <DIV><FONT face=Arial size=2></FONT> </DIV> > > <DIV><FONT face=Arial > > size=2>Simon</FONT></DIV></BLOCKQUOTE></BLOCKQUOTE></BODY></HTML> > > -- > Anne H. Anderson Email: Anne.Anderson@Sun.COM > Sun Microsystems Laboratories > 1 Network Drive,UBUR02-311 Tel: 781/442-0928 > Burlington, MA 01803-0902 USA Fax: 781/442-1692 > > > To unsubscribe from this mailing list (and be removed from the roster > of the OASIS TC), go to > http://www.oasis-open.org/apps/org/workgroup/xacml/members/leave_workg > roup.php. > To unsubscribe from this mailing list (and be removed from the roster of the OASIS TC), go to http://www.oasis-open.org/apps/org/workgroup/xacml/members/leave_workgro up.php.
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]