
xacml message


Subject: New delegation draft


I have posted draft 08 of the delegation profile. There are lots of
changes as you can see from the diff.

I have improved the text, figures, consistency and terminology. I have
also simplified some parts of the processing model. I took away the
"issuer congruency" thing, which on second thought felt a bit
unnecessary. I also removed the ban on combination algorithms that could
evaluate to "deny". When I thought about it, I don't think there really
are any algorithms that cannot evaluate to "deny". Instead I wrote that
"deny" results which are not by the trusted issuer are to be discarded,
which is really what we tried to say. It also gives us a clean point
where we can start working on adding reduction of denys.

Despite what I said during the latest meeting, I changed the name of the
trusted issuer, since it felt weird to have the trusted _issuer_ be
called "delegate".

This is a version that I am fairly happy with for now. There should be
no major inconsistencies and I have filled in details so it is quite
complete, so it should be pretty much implementable as it is. Of course
all planned features are not there yet, but what is there should make
sense. Let me know if it doesn't. ;)

I had some thoughts about the terms "Result", "Value" and "Decision".
They are pretty much synonymous right now, but there are some subtle
differences among the states of the values during the processing, that
we might want to define in more detail. Let me know if you find any
confusion in this aspect.

During the process I have found some more open issues, but I will add
them to the wiki instead of writing them here.

