OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [xacml] Draft BTG Profile

Hi Ludwig

On 26/11/2010 08:53, Ludwig Seitz wrote:
> On Thu, 2010-11-25 at 17:57 +0000, David Chadwick wrote:
>> I dont see the difference between standardising a status code in a
>> profile and standardising an Advice in a profile, except for one thing
> There is another:
> To standardize an Advice Id you don't need to change the core XACML
> standard. To standardize a new status code you need to change the
> standard.

This is because the full list of codes are listed in Section B.9 (or 
B.8), yes?

But what is the standard defined behaviour for a PEP that receives an 
unknown status code? Is this documented anywhere? Probably not. Will 
they crash? Or will they ignore it? Most likely the latter.

So if a profile defines a new status code, whilst from a pure-ist point 
of view this should be in the base standard and not in a profile, 
because the standard does not allow extensibility of this feature, in 
practical terms it wont actually cause any problems to implementations 
will it?

I can accept that Advice is the Correct thing to do for v3, but what is 
the correct solution for v2?



>> Advice is not available to XACMLv2 implementations
> Since your approach necessitates a change in core standard, backwards
> compatibility is gone either way, so I don't see a big drawback with
> using v3 specific stuff (and not changing the core v3 standard).
> /Ludwig


David W. Chadwick, BSc PhD
Professor of Information Systems Security
School of Computing, University of Kent, Canterbury, CT2 7NF
Skype Name: davidwchadwick
Tel: +44 1227 82 3221
Fax +44 1227 762 811
Mobile: +44 77 96 44 7184
Email: D.W.Chadwick@kent.ac.uk
Home Page: http://www.cs.kent.ac.uk/people/staff/dwc8/index.html
Research Web site: http://www.cs.kent.ac.uk/research/groups/iss/index.html
Entrust key validation string: MLJ9-DU5T-HV8J
PGP Key ID is 0xBC238DE5


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]