Re: [xacml] wd-20 issues

[Erik Rissanen <erik@axiomatics.com>]

Remon,

Thanks. See inline.

On 2011-06-07 07:08, remon.sinnema@emc.com wrote:
> I found the following issues with wd-20:
>
>
> 5.14 Element<Policy>
> 	"<CombinerParameters>  [Optional]
> 	A sequence of parameters to be used by the rule-combining algorithm."
> - Are these parameters only used by the rule-combining algorithm, or also by the policy-combining algorithm?
>

As far as I can tell this is wrong. It should say policy combining, not 
rule combining. But then there is no real definition of how these 
elements apply. I figure the intent is that the <CombinerParameters> 
element applies to the element it is contained in (<Policy> or 
<PolicySet>) since it does not contain a reference. 
<PolicySetCombinerParameters>, <PolicyCombinerParameters> and 
<RuleCombinerParameters> all contain a reference, so they would apply to 
what the reference is pointing.

> 5.14 Element<Policy>
> 	"<ObligationExpressions>  [Optional]
> 	A conjunctive sequence of obligation expressions which MUST be evaluated into obligations byt the PDP."
> - "byt" should be "by". Also in 5.21.
>
>
> 5.16 Element<CombinerParameters>
> 	"If multiple<CombinerParameters>  elements occur within the same policy or policy set, they SHALL be considered equal to one<CombinerParameters>  element containing the concatenation of all the sequences of<CombinerParameters>  contained in all the aforementioned<CombinerParameters>  elements, such that the order of occurence of the<CominberParameters>  elements is preserved in the concatenation of the<CombinerParameter>  elements."
> - "Cominber" should be "Combiner". Also in 5.18, 5.19, and 5.20. Also found "<PolicyCominberParameters>" and"<PolicySetCominberParmeters>".
> - "occurence" should be "occurrence".
> - I have a feeling that some of these "<CombinerParameters>" should be"<CombinerParameter>", but I find that hard to tell with the current wording. Also in 5.18, 5.19, and 5.20.

I think the final <CombinerParameters> should be just 
<CombinerParameter> so it says:  "... such that the order of occurence 
of the <CominberParameter> elements is preserved in the concatenation ..."



> 5.18 Element<RuleCombinerParameters>
> 	"Support for the<RuleCombinerParameters>  element is optional, only if support for combiner parameters is not implemented."
> - This wording is unclear to me. Does this mean that support for<RuleCombinerParameters>  is only optional if support for combiner parameters is not implemented???

I guess it means that if you do implement combiner parameters, you have 
to do that for both policy and rule combining, not just one of them.

> 5.29 Element<AttributeDesignator>
> 	"If the Issuer is not present in the attribute designator, then the matching of the attribute to the named attribute SHALL be governed by AttributeId and DataType attributes alone."
> - And Category.

Yes!

> 5.30 Element<AttributeSelector>
> 	"The values shall be constructed from the node(s) selected by applying the XPath expression given by the element's Path attribute to the XML content indicated by the element's Category attribute."
> - "shall" should be "SHALL".

Yes

> 5.30 Element<AttributeSelector>
> 	"DataType [Required]
> 	The attribute specifies the datatype of the values returned from the evaluation of this<AttributeSelector>  element."
> - "The attribute" should be "This attribute", like everywhere else.

Yes

> 5.41 Element<AttributeAssignmentExpression>
> 	"The value specified SHALL be understood by the PEP, but it is not further specified by XACML."
> - It only SHALL be understood for an obligation, not for an advice.

Well, yes, but advice can be ignored in their entirety, so it would not 
matter. but I guess we could change that.

> 5.44 Element<Attributes>
> - In the XML schema fragment, there is a trailing "<xs:complexType name="SubjectType">" that shouldn't be there.

Will remove.

> 5.49 Element<PolicyIdentifierList>
> - We use "Id" everywhere, so why is this "Identifier" all of a sudden?
> - Also, we use the plural "s" everywhere and here we use "List".

I guess it was a different person who added this element at a later 
stage so it became like that. I would prefer to keep it. It has no 
impact on implementations.

> 6 XPath 2.0 definitions
> - "make user of" should be "make use of".

Will fix for next draft.

> Thanks,
> Ray
>