Subject: New delegation draft

Hello all,

I have done some work on the delegation profile.

I have added (yet another!) description of the processing model to the
delegation profile document. I have based it on the processing model of
XACML 2.0, and I like it better this way since this directly relates to
the evaluation of policies as has been defined in previous versions of
XACML. This description also makes clear that the differences from the
XACML 2.0 model are quite small.

I still think that there is value in a different kind of representation
that more clearly shows the overall processing and how the delegation
chains are reduced, but I am afraid that the connection to the actual
policy contents is much harder to explain that way. I would propose that
we make the normative specification something like I have written today
and include figures that show step by step what happens according to
Frank’s and Tim’s algorithms. I volunteer to draw those figures.

Perhaps we can discuss this at the next focus group meeting?

I don’t recall if we decided anything on the element vs subject category
for the Delegate. I have used elements, since they are more visible in
the schema definitions, so they make it easier for me to communicate for
now. In any case we were thinking about redoing the target completely
anyway, so we might need to change it in the future anyway.

I added the LaterDelegate element to the context. It makes it possible
to write conditions on further delegation. Perhaps it needs a better name?

Lots of features and open issues that we have discussed are not included
in this version and the document is kind of messy right now, but it is a
nice sunny Sunday afternoon out there right now, so I don’t feel like
working more on it today. ;-) I also did not have time to update the
schema files yet, but I included them in the zip.

Best regards, Erik

