RE: [xacml] XACML 2.0 Hierarchical Resources, Draft 2.0

["Daniel Engovatov" <dengovatov@bea.com>]

Let me clarify my objections a little bit.   With the new draft they
changed (and diminished :) a bit.
There is clearly a value in having a well defined and useful
hierarchical name schema.  I would personally love to see that in any
system I have to work with. :)  Too bad it never happens.  
In this particular case, it boils down to a specification on how to
construct such a naming scheme so that it works well with some standard
XACML functions.   I will leave aside the issue of whether it is a good
idea at all to use irreversible matching functions in target.
As I read the spec, usage of this particular naming convention is
proposed as a "fallback" naming suggestion in the absence of a
"profile".   That is good.  Nobody will like the need to develop
mandatory one-way naming mapping for an established
application/framework.  
What does it mean in reality?  If you do not follow the suggested
naming, then you automatically have a profile? What is a "profile"?  Do
we have a definition of what a resource naming "profile" is?  Do we have
a standard way to describe it?  Anne mentioned this issue in her e-mail,
but I do not see any hint on an answer.  
We are attempting to standardize something well out of our scope without
any clear definitions on when, where and how such "standardization" is
applicable. 
Daniel.

   Note that an objection to this standard representation has
   been raised by Daniel, yet other members requested it and
   think it is important.  The TC will have to decide whether to
   include this representation or not.