OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Moving ahead with 3.0


I would like to finish XACML 3.0. :-)

So, what do we still have to do?

There is the issues list of course. More on that below. I need to update 
the docs to the new OASIS templates as well. But besides that, what more 
is there to do?

The delegation draft lacks a conformance section. I can make one. The 
core has one already since the doc is really just an updated 2.0 doc. 
Have there been any changes to the requirements on the conformance 
requirements section from the side of OASIS?

It might be a good idea if someone who is a native English speaker 
proofreads the docs, but we can wait with that until the end.

The profiles also need to be updated, but I suspect that it is mostly 
just updating to the new schema.

Below you can find the the issues list with some proposals. Could we 
discuss the issues at the next meeting? I also propose that we move any 
post 3.0 issues to a separate wiki page so we can focus on wrapping up 3.0.

Issue 12, more general conclusions: Bill and I posted a working draft 
about generalized obligations. We have not received much feedback on 
this. I propose that we defer this to post 3.0.

Related to this is the issue about the timing attribute for obligations 
which was proposed by David Chadwick. I put this as a feature in the 
obligation draft. If we defer the obligation draft, do we want to 
include the timing attribute in the 3.0 core? In my opinion this depends 
on what we expect will happen with the obligation work. My preference is 
that we after 3.0 core is done quickly complete the obligation work, in 
which case the timing should go there, not in the core now. But if the 
obligation profile will never happen, then we should include the timing 
attribute in the core now.

Issue 23, access permitted: This is waiting for Hal to update the 
proposal to the new core schema. Also, there are concerns about how this 
could affect the complexity of evaluation. Hal, what is you take on this?

Issue 36, PDP metadata: I suggest that we wait with this issue until 
last in the 3.0 work and see what meta date we need.

Issue 62, policy provisioning interface. I think this is post 3.0. It 
doesn't affect the core directly and this work is very early yet.

Issue 63 is just waiting for me to update the docs. Will do soon. :)

Issue 66, missing attributes may be underspecified. I propose that we 
defer this to post 3.0. It is early work and might be better suited for 
a profile for a PDP <-> PEP protocol.

Issue 67, XPath 2.0. There is a proposal in the docs, but someone who 
knows xpath better than me needs to review it. If no one wants to review 
it, I propose that we go with as it is and make errata later if needed. :-)

Issue 71, different categories as different entities: I propose that we 
defer this post 3.0. It is a major change from XACML 2.0 and there is no 
concrete proposal. I am also concerned with computational complexity 
since this is related to the complexity issue we got with distinct 
indirect delegates.

Issue 72, placement of supplied policies is open needs to be done for 
3.0. I will think up a proposal.

Issue 73, start of administrative requests in nested policy sets. I 
think we don't need to change anything as things are now, but I will 
think more about it. I will write an explanation of whatever result I reach.

Issue 75, PEP <-> PDP interface. Defer this to a post 3.0 profile.

Issue 76, multiple conditions. I'm not sure about this one. Seems like 
partly a duplicate of issue 71. I also wonder whether it is not possible 
to implement the xpath part of this issue using clever xpaths and bag 
functions in the policy.

Issues 82, 83 and 85 seem straightforward to fix.

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]