[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Groups - XACML Implementor's Guide Version 3.0 (xacml-implement-guide-3.0-02-05.doc) uploaded
This revision does not incorporate planned changes beyond wd-20, which will impact some of the combining alg discussion. Also, change bars not included because of some distracting problems, but can be available on request. This revision does add explanatory discussion about the referenced paper, which may prove useful background, in general, to the changes that have been made to the combining algorithms in 3.0. It also explains what appears to have been a flaw in the reasoning of the authors of the reference, regarding the "6-valued approach", which is the approach used in 3.0, and appears at present to be correct. In particular, the fundamental change is to remove the 2.0 self-contradiction about Ind, which was, for example in deny-overrides that D > Ind > P > Ind > NA at the Rule level, but that was lost at the Policy level, which resulted in scenarios where a Permit could be overridden by a Policy that could only return a Permit but was indeterminate, resulting in the return of a Deny, despite the fact that there was no possible way for Deny to be returned. The new section 2.1.1.1 explains the problems in the reference, and it explains w more clarity what the core model is for "combining". -- Rich Levinson The document revision named XACML Implementor's Guide Version 3.0 (xacml-implement-guide-3.0-02-05.doc) has been submitted by Rich Levinson to the OASIS eXtensible Access Control Markup Language (XACML) TC document repository. This document is revision #1 of xacml-implement-guide-3.0-01-02.doc. Document Description: This is a first draft to re-establish the long-discussed Implementor's Guide, which was started early in the history of the TC: http://www.oasis-open.org/committees/xacml/repository/xacml-implement-guide-1.1.doc, but has not had attention directly paid to it in several years. The reason for resurrecting it now is to explain the situation with the combining algorithms that has been discussed recently in the TC. The issues are subtle (and the doc has a ref in it that points to other efforts that have been made to address this issue, which I just "discovered", so it gives us a reference point for further exploration). However, the description currently in the document is intended to fully explain the issue to implementors and users alike, and should be useful for fielding future questions about these algorithms as well as providing a platform for addressing additional aspects of the issue plus addressing other issues as well as the need and motivation to resolve arises. At this point, the suggestion is to maintain the document in the manner of the original, and, as such it is written using the original as the basis and change bars are wrt original. View Document Details: http://www.oasis-open.org/committees/document.php?document_id=42358 Download Document: http://www.oasis-open.org/committees/download.php/42358/xacml-implement-guide-3.0-02-05.doc Revision: This document is revision #1 of xacml-implement-guide-3.0-01-02.doc. The document details page referenced above will show the complete revision history. PLEASE NOTE: If the above links do not work for you, your email application may be breaking the link into two pieces. You may be able to copy and paste the entire link address into the address field of your web browser. -OASIS Open Administration
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]