[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: A couple of mistakes in the working drafts
All, There are a couple of minor mistakes in the current working drafts: In the administration profile, the treatment of the "delegation-info" attribute category during reduction, section 4.5 is not described correctly. Section 4.5 says now: Given a potentially supported policy, P, and the request R, an administrative request, A, is generated based on R by the following steps: 1. The <Attributes> elements of R are mapped to <Attributes> elements in A according to the following: 1. An <Attributes> element with Category equal to ”urn:oasis:names:tc:xacml:3.0:attribute-category:delegate” in R has no corresponding part in A. 2. An <Attributes> element with Category which starts with the prefix ”urn:oasis:names:tc:xacml:3.0:attribute-category:delegated:” maps to an identical <Attributes> element. 3. An <Attributes> element with any other Category maps to an <Attributes> element with the Category prefixed with ”urn:oasis:names:tc:xacml:3.0:attribute-category:delegated:” and identical contents. 2. A contains an <Attributes> element with Category equal to “urn:oasis:names:tc:xacml:3.0:attribute-category:delegate” and contents identical to the <PolicyIssuer> element from P. 3. A contains an <Attributes> element with Category equal to “urn:oasis:names:tc:xacml:3.0:attribute-category:delegation-info” and the following contents: 1. An <Attribute> element with AttributeId equal to “urn:oasis:names:tc:xacml:3.0:delegation:decision”, DataType equal to “http://www.w3.org/2001/XMLSchema#string”;, and the value equal to the decision which is being reduced, that is either “Permit” or “Deny”. (See section 4.7 for explanation on how this value is set.) It should under point 1 that the delegetion-info category already present is discarded. I have changed it to this: 1. The <Attributes> elements of R are mapped to <Attributes> elements in A according to the following: 1. An <Attributes> element with Category equal to ”urn:oasis:names:tc:xacml:3.0:attribute-category:delegate” in R has no corresponding part in A. 2. An <Attributes> element with Category which starts with the prefix ”urn:oasis:names:tc:xacml:3.0:attribute-category:delegated:” maps to an identical <Attributes> element. 3. An <Attributes> element with Category equal to “urn:oasis:names:tc:xacml:3.0:attribute-category:delegation-info” in R has no corresponding part in A. (Note, a new delegation-info category is created, see point 3 below.) 4. An <Attributes> element with any other Category maps to an <Attributes> element with the Category prefixed with ”urn:oasis:names:tc:xacml:3.0:attribute-category:delegated:” and identical contents. ... I also noticed that I had edited the administration profile to move the "access permitted" feature to the core, but I had forgot to post the update. I just posted WD 22 of the administration profile which contains these fixes. I also noticed (a long time ago actually, but it got buried deep down in some TODO list) that the <RequestDefaults> element is not included as a child to the <Request> element in the schema file. I'm fixing this. The schema is now like this: <xs:element name="Request" type="xacml:RequestType"/> <xs:complexType name="RequestType"> <xs:sequence minOccurs="0" maxOccurs="unbounded"> <xs:element ref="xacml:RequestDefaults" minOccurs="0"/> <xs:element ref="xacml:Attributes" maxOccurs="unbounded"/> <xs:element ref="xacml:MultiRequests" minOccurs="0"/> </xs:sequence> <xs:attribute name="ReturnPolicyIdList" type="xs:boolean" use="required" /> </xs:complexType> I'll wait with posting an update until we get more review feedback. (You are reviewing it, right. :-)) Regards, Erik
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]