OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: New WS-XACML issues added


I updated several non-WS-XACML issues that were marked OPEN, but are 
actually either Pending or Pending Review.  I will add dates for my SAML 
profile-related items as soon as I can block out time to work on a new 
SAML profile draft.

I added five new issues reflecting all the unresolved topics I am 
currently aware of in WS-XACML as of WD 8.  I am the champion for all 
these.  In every case, I have suggested the TC review and decide on a 
resolution by 1/18/07, and I will incorporate these into a new draft by 
2/1/07.  A summary of these follows.  See the Issue List for fuller 
descriptions (http://wiki.oasis-open.org/xacml/IssuesList).

55: Address policy references in an XACMLAssertion Requirements element 
containing a PolicySet

- these could be disallowed, required to be resolvable (e.g. URL), or a 
new element could be added into which all referenced policies and policy 
sets must be placed)

56: Add optional "Preference" XML attribute to Apply element of an 
XACMLAssertion Requirements or Capabilities element to indicate which 
value in a range or set is most preferred by the Assertion issuer

- this would allow the generic intersection engine to select a specific 
value for each policy variable for use in a specific interaction

57: Restrictions on XPath expression to support matching Attribute 

- WD 8 proposes that absolute paths containing no query operators are 
sufficient, but I do not have any proof for this.


- This element interacts with the other elements in a POLICY/STATEMENT, 
so automatic intersection of constraints is not possible where this 
element is involved.

59: Allow restricted regular expression functions in XACMLAssertion

- Allowing XACMLAssertion Apply elements to use regular expressions 
would be useful and powerful, but they would need to be in the 
restricted form that supports intersection.  Intersection can also 
relatively expensive: is it worth it?

Anne H. Anderson             Email: Anne.Anderson@Sun.COM
Sun Microsystems Laboratories
1 Network Drive,UBUR02-311     Tel: 781/442-0928
Burlington, MA 01803-0902 USA  Fax: 781/442-1692

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]