[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Changelog for public review
All, Here are all the changes we have made in the specs since the previous public review. Cross references across the specs have been updated in all specs as well the copyright date. xacml-3.0-core-spec and the core schema: • Clarified glossary definition of “obligation” it also mentions that obligations can occur in rules. • Clarified glossary definitions of “policy”, “rule” and “policy set” so they mention that they can contain advice (and obligations for rules). • Updated reference to XML spec to fifth edition. • Clarified introductory section (2.3) to combining algorithms. • Improved consistency in text regarding obligation/advice vs obligation/advice expressions. • Improved consistency in text about that advice/obligations can occur in rules. • Correct errors in the example policies and requests. • Misc improvements in wording and correction of typos in various places (no substantive changes). • Corrected definition of elements <Rule>, <Policy> and <PolicySet> so they correctly reference obligation and advice expressions. • Made a reference to PEP bias from definition of <PolicySet>, instead of incorrectly mandating a “Deny” in the PEP in case of obligation failure. • Allow <AttributeAssignmentExpression> to evaluate to a bag. • Removed redundant occurrence indicators from the RequestType schema definition. • Removed note about XPath 2.0 expert review. • Clarified error behavior of advice/obligations. • Added AdviceId as part of the extensibility list in section 8.1. • Renamed functions uri-starts-with to anyURI-starts-with, uri-ends-with to anyURI-ends-with, uri-contains to anyURI-contains and uri-substring to anyURI-substring • Fixed typos which referenced non-existing data types urn:…:xacml:…*duration. • Reversed the arguments of the string-starts-with, string-ends-with, string-contains, anyURI-starts-with, anyURI-ends-with and anyURI-contains functions. • Clarified error behavior of the string-substring and anyURI-substring functions. • Generalized the xpath-node-match function so it can select any XML node type. • Removed the obsolete attribute id urn:oasis:names:tc:xacml:1.0:resource:xpath • Make it clear that an attribute selector may select an element node. • Fixed formatting of OASIS spec references so they correspond to the OASIS template. • Added an optional “offset” to <AttributeSelector> in the form of the ContextSelectorId XML attribute. • Improved and moved text about the <AttributeSelector>. • Simplified the schema of <PolicyIdentifierList> • Removed text which says that the XACML conformance tests are hosted on the Sun website. • Added references to sections 5, 6, 7, A, B and C in conformance section. • Made the evaluation context of xpaths better specified. • Make text about multiple arguments in the multiply functions more consistent. • Generalized the any-of, all-of, any-of-any and map functions to functions with more arguments. • Removed an unnecessary reference to SAML in section B.4. (Authentication credentials can come from other sources as well in general, so the reference to SAML was too restrictive.) • Updated Acknowledgements. • Restrict <Content> to a single child element. • Replace the EntireHierarchy multiple decision combining mechanism with a more restricted scheme controlled by the CombinedDecision XML attribute in the <Request> element. • Fixed errors in the reference section. • Updated cross references to the profiles. • Removed reference to “leaf” nodes in section 7.3.2 since this was unnecessary restriction. • Removed statement in section B.4 which said that the subject-id is a string by default. xacml-3.0-administration-v1-spec: • Updated Acknowledgements. • Fixed formatting of OASIS spec references so they correspond to the OASIS template. • Fix typos. • Fix errors in examples. xacml-3.0-dsig-v1-spec: • Updated Acknowledgements. • Fixed formatting of OASIS spec references so they correspond to the OASIS template. • Fixed a broken bookmark in a reference. xacml-3.0-hierarchical-v1-spec: • Updated Acknowledgements. • Fixed formatting of OASIS spec references so they correspond to the OASIS template. • Fixed typos. • Fix 2.0 -> 3.0 typos in some identifiers. • Improved formatting conventions. • Updated reference to RFC 3986 (was RFC 2396). • Clarified meaning of the profile identifiers (they are only metadata about the functionality). • Improved the URI scheme with XML node pointers. • Use content-selector instead of resource-id for the XML/XPath scheme. • Don’t specify the “ancestor attributes” in the XML/XPath scheme. xacml-3.0-multiple-v1-spec: • Updated Acknowledgements. • Fixed formatting of OASIS spec references so they correspond to the OASIS template. • Changed name to “Multiple Decision Profile” • Improved abstract. • Updated all text to talk about “multiple decisions” instead of “multiple resources” • The XML/XPath scheme uses now the content-selector and multiple:content-selector attributes instead of resource-id. This also generalizes the XML scheme to other categories than the resource. • Clarified meaning of the profile identifiers (they are only metadata about the functionality). • Separate the “ancestor scheme” and the XML scheme from each other, that is, don’t use the ancestor attributes for the XML scheme. • Reworded some text to make it clearer. • Drop the “EntireHierarchy” scope in favor of the new CombinedDecision XML attribute of the <Request> element. • Added a new section which specifies the overall order of processing of the various schemes. • Drop the XPathExpression scope in favor of the new multiple:content-selector attribute. • Rename some of the schemes and the associated metadata identifiers. xacml-3.0-privacy-v1-spec: • Updated Acknowledgements. • Fixed formatting of OASIS spec references so they correspond to the OASIS template. • Fixed formatting issues. • Fixed errors in the XML fragment. xacml-3.0-rbac-v1-spec: • Updated Acknowledgements. • Fixed formatting of OASIS spec references so they correspond to the OASIS template. • Clarified that a permission policy set may contain policy sets. • Fixed formatting issues. • Fixed errors in examples. xacml-profile-saml2.0-v2-spec: • Updated Acknowledgements. • Fixed formatting of OASIS spec references so they correspond to the OASIS template. • Added an extension point to the AuthZ query schema. • Fix formatting issues. • Removed a reference to a non-existing section. In addition to the above, in all schema files: • Fixed schema import cross reference URLs • Fixed OASIS copyright Best regards, Erik
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]