Re: [xacml] oasis-xacml-2_0-core-spec-wd-08.zip

[Anne.Anderson@Sun.COM]

>
>I'm looking at this new document and I have a couple questions.
>
>0. I went to considerable effort to make glossary items for the
>   CombinerParameter proposal. None of them made it in there. I think it
>   would be good to have those definitions.

Polar, I'm sorry - we discussed this at the Focus Group and I forgot to put
it in the minutes.

We decided that the Glossary should contain terms needed to understand the
introductory material.  If we put too much of the more detailed terminology
there, it will make it harder for the reader new to XACML to know what is
important to know first.

Tim thinks the terms are explained in the normative section pertaining to
the CombinerParameters.  If they are not explained sufficiently there, then
that section should be beefed up.

Of course, if you disagree, the draft can still be changed, but we sort of
felt the glossary was getting to be more complex than helpful.

Anne

>1. I removed CombinerParameters from the Rule as we now have
>   RuleCombinerParameters. They are still there. They need to be removed.
>
>2. I removed the sentence "<VariableDefinition> MAY contain undefined
>   <VariableReference>, but if it does, corresponding <VariableDefinition>
>   MUST be defined later in the encompassing policy."
>
>I removed this sentence because a variable reference cannot be "undefined"
>if it *has* a definition.
>
>Anyway, it's not about the VariableDefition. It's about the Expression.
>It's probably better to say "An expression SHALL not contain any undefined
>variable references."  but that should be included in section 5.33
>Expression.
>
>Perhaps, if we must stay something about it, please say it in the
>VariableReference section. Perhaps stating that,
>
>"A <VariableReference> that does not have a corresponding
><VariableDefition> in the encompassing policy shall be considered
>undefined".
>
>And that takes care of both problems.
>
>3.  In both Policy and PolicySet evaluation, I removed a sentence that
>says, "In such a case, the values of these parameters associated with the
>policies, MUST be taken into account when evaluating the policy set."
>
>I removed this sentence because it is not really true. First of all, I
>don't know what "taken into account" means.  It is perfectly up to the
>implementation of the combining algorithm to do what it wants with the
>arguments, even ignore them if it wants to.  So, I think this sentence is
>really meaningless. I added a sentence that states,
>
>"If the implementation supports combiner parameters and if combiner
>parameters are present in a policy, then the parameter values MUST be
>supplied to the combining algorithm implementation."
>
>What more really needs to be said here?
>
>4. and finally, I noticed that Obligations made it into Rules. Did I loose
>that battle? Maybe so, I don't remember.
>
>But please answer me this, what does a Rule with the Effect of Deny mean
>with Obligations of FullfillOn="Permit" mean? What am I supposed to do
>with that?
>
>Cheers,
>-Polar
>
>
>
>
>
>To unsubscribe from this mailing list (and be removed from the roster of the
>OASIS TC), go to
>http://www.oasis-open.org/apps/org/workgroup/xacml/members/leave_workgroup.php.
>