xacml message

Subject: A couple of mistakes in the working drafts


All,

There are a couple of minor mistakes in the current working drafts:

In the administration profile, the treatment of the "delegation-info" 
attribute category during reduction, section 4.5 is not described 
correctly. Section 4.5 says now:

Given a potentially supported policy, P, and the request R, an 
administrative request, A, is generated based on R by the following steps:

   1. The <Attributes> elements of R are mapped to <Attributes> elements
      in A according to the following:
         1. An <Attributes> element with Category equal to
            ”urn:oasis:names:tc:xacml:3.0:attribute-category:delegate”
            in R has no corresponding part in A.
         2. An <Attributes> element with Category which starts with the
            prefix
            ”urn:oasis:names:tc:xacml:3.0:attribute-category:delegated:”
            maps to an identical <Attributes> element.
         3. An <Attributes> element with any other Category maps to an
            <Attributes> element with the Category prefixed with
            ”urn:oasis:names:tc:xacml:3.0:attribute-category:delegated:”
            and identical contents.
   2. A contains an <Attributes> element with Category equal to
      “urn:oasis:names:tc:xacml:3.0:attribute-category:delegate” and
      contents identical to the <PolicyIssuer> element from P.
   3. A contains an <Attributes> element with Category equal to
      “urn:oasis:names:tc:xacml:3.0:attribute-category:delegation-info”
      and the following contents:
         1. An <Attribute> element with AttributeId equal to
            “urn:oasis:names:tc:xacml:3.0:delegation:decision”, DataType
            equal to “http://www.w3.org/2001/XMLSchema#string”;, and the
            value equal to the decision which is being reduced, that is
            either “Permit” or “Deny”. (See section 4.7 for explanation
            on how this value is set.)


It should say under point 1 that the delegation-info category already 
present is discarded. I have changed it to this:

   1. The <Attributes> elements of R are mapped to <Attributes> elements
      in A according to the following:
         1. An <Attributes> element with Category equal to
            ”urn:oasis:names:tc:xacml:3.0:attribute-category:delegate”
            in R has no corresponding part in A.
         2. An <Attributes> element with Category which starts with the
            prefix
            ”urn:oasis:names:tc:xacml:3.0:attribute-category:delegated:”
            maps to an identical <Attributes> element.
         3. An <Attributes> element with Category equal to
            “urn:oasis:names:tc:xacml:3.0:attribute-category:delegation-info”
            in R has no corresponding part in A. (Note, a new
            delegation-info category is created, see point 3 below.)
         4. An <Attributes> element with any other Category maps to an
            <Attributes> element with the Category prefixed with
            ”urn:oasis:names:tc:xacml:3.0:attribute-category:delegated:”
            and identical contents.

...


I also noticed that I had edited the administration profile to move the 
"access permitted" feature to the core, but I had forgotten to post the update.

I just posted WD 22 of the administration profile which contains these 
fixes.


I also noticed (a long time ago actually, but it got buried deep down in 
some TODO list) that the <RequestDefaults> element is not included as a 
child to the <Request> element in the schema file. I'm fixing this. The 
schema is now like this:


<xs:element name="Request" type="xacml:RequestType"/>
<xs:complexType name="RequestType">
  <xs:sequence minOccurs="0" maxOccurs="unbounded">
    <xs:element ref="xacml:RequestDefaults" minOccurs="0"/>
    <xs:element ref="xacml:Attributes" maxOccurs="unbounded"/>
    <xs:element ref="xacml:MultiRequests" minOccurs="0"/>
  </xs:sequence>
  <xs:attribute name="ReturnPolicyIdList" type="xs:boolean" use="required"/>
</xs:complexType>

I'll wait with posting an update until we get more review feedback. (You 
are reviewing it, right? :-))

Regards,
Erik
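
The corrected section 4.5 mapping quoted in the message above, as an added Python example that is not part of the original message or of the profile. It assumes each <Attributes> element is modelled as a (category, contents) pair; the function names and the sample request are constructed for illustration.

```python
# Added example (not from the profile or the message): the corrected
# section 4.5 mapping from request R to administrative request A.
CAT = "urn:oasis:names:tc:xacml:3.0:attribute-category:"
DELEGATE = CAT + "delegate"
DELEGATED_PREFIX = CAT + "delegated:"
DELEGATION_INFO = CAT + "delegation-info"
DECISION_ID = "urn:oasis:names:tc:xacml:3.0:delegation:decision"
XS_STRING = "http://www.w3.org/2001/XMLSchema#string"


def administrative_request(request, policy_issuer, decision):
    """Build A from R. Assumption: each <Attributes> element is modelled
    as a (category, contents) pair; contents are opaque and copied as-is."""
    if decision not in ("Permit", "Deny"):
        raise ValueError("only Permit or Deny decisions are reduced")
    admin = []
    for category, contents in request:
        if category in (DELEGATE, DELEGATION_INFO):
            continue  # points 1.1 and 1.3: no corresponding part in A
        if category.startswith(DELEGATED_PREFIX):
            admin.append((category, contents))  # point 1.2: identical
        else:
            admin.append((DELEGATED_PREFIX + category, contents))  # 1.4
    admin.append((DELEGATE, policy_issuer))  # point 2: issuer of P
    decision_attr = {"AttributeId": DECISION_ID, "DataType": XS_STRING,
                     "Value": decision}
    admin.append((DELEGATION_INFO, [decision_attr]))  # point 3: fresh copy
    return admin


def demo():
    """Constructed sample: R already carries delegate and delegation-info
    categories, which must not leak into A."""
    subject = "urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"
    request = [
        (subject, ["alice"]),
        (CAT + "resource", ["printer"]),
        (DELEGATED_PREFIX + CAT + "action", ["print"]),
        (DELEGATE, ["bob"]),
        (DELEGATION_INFO, [{"AttributeId": DECISION_ID,
                            "DataType": XS_STRING, "Value": "Deny"}]),
    ]
    return administrative_request(request, ["carol"], "Permit")


if __name__ == "__main__":
    for category, contents in demo():
        print(category, contents)
```

In the sample, the "Deny" delegation-info carried in R is dropped, so A holds exactly one delegation-info category and its value is the decision being reduced.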


