OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Re: [xacml] Issue#39:number of policies to return is too large




On Wed, 6 Sep 2006, Anne Anderson - Sun Microsystems wrote:

> I don't think there are actually that many cases to deal with here.  I'm not 
> trying to design a reliable transaction protocol, just a simple mechanism 
> that would support the use case of a relatively stable PAP returning multiple 
> blocks of policies to a client.

Yet, the text above this section was filled with ramblings of protocol as 
if it were just "common sense".

It's one thing to specify XACML because it is viewed (or at least I view 
it as) as a representation of access-control policy that is transportable 
between PAPs and different PDPs, leaving the "implementation details" of 
that transport alone.

It's completely other thing to specify a "simple" element in a _protocol_ 
and not cover the bases, or assume others will have the same "common 
sense" about it as you do.

It's funny that we are all in "security" which is supposed to mean things 
like, _availability_, _assurance_, _reliablitity_, yet we punt on those 
things all the time.

Cheers,
-Polar


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]