OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Re: [xacml] Minutes of the 25 May, 2006 TC meeting




Bill Parducci wrote:
> Minutes of May 25, 2006
>
> ...
>
> 2. Attribute Passing - Frank's proposal for the Request Context
>     containing Attributes about Delegates.
>
>     The TC agreed to the following:
>
>     When using the core technology without using a profile (such as the
>     SAML profile) there is a superset of information provided that will
>     be used as input to the process cycle. The format of that
>     information is undefined by XACML. During each evaluation cycle the
>     Request Context is constructed from the superset and used by
>     Policies and PolicySets.
>
>     When using the SAML Profile we will specify the way the superset
>     information is carried across the wire. Any implementation that
>     doesn't use the SAML Profile is free to provide that information in
>     any way it chooses so long as the subsequent Request Context is
>     properly constructed for each cycle.

That's all too bad.

As I mentioned before, by relying on an "undefined" method to pass this
"superset" of information, you break a functional interface where you
pass all the information you need for evaluation in the request context
- you essentially pass information through undefined global variables
instead of passing it through function parameters. Note that this is a
departure from the xacml-1&2 request context definitions and processing.

As a consequence, you can not verify or understand the results that come
back from an evaluation of a request context by only looking at the
request context and the policies. Not having a functional interface will
complicate the proofing of correctness and any formal reasoning of what
a set of xacml-3 policies and sets of actor's attribute-sets evaluate to.

In general, you should have very good reasons not to use a functional
interface... unfortunately, I have not seen any in this case.

Sadly yours, Frank.

-- 
Frank Siebenlist               franks@mcs.anl.gov
The Globus Alliance - Argonne National Laboratory



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]