OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [xacml] Groups - EC-US WD-03 uploaded

For “license”, I think the range should be either string or anyURI.


For “jurisdiction”, I don’t know.  As far as I can tell the overwhelming practice is to “classify” things as either “EAR” or “ITAR” (or “Commercial” or “Military”).  Then we analyze it a bit further, and discover that the reason we classify things like that is because they fall under the jurisdiction of one governmental agency or another, or more specifically are controlled by a specific set of regulations known as “ITAR” and “EAR”.  So if we think that “jurisdiction” points to either a government agency or a set of regulations, a URI might be better.  However, just as a label for a classification, the strings “ITAR” and “EAR” work well and conform to current practice.  Presumably as the egov initiative progresses the US government might create URIs for the ITAR and EAR regulations.  But for this spec I think “ITAR” and “EAR” are suitable.


Organization values pose a tougher problem.  I’m all for reducing ambiguity, but I’m not sure that creating a new set of values in an OASIS namespace is the best way.  I’d rather wait for the registering bodies themselves to define such identifiers.  A few years back I tried to determine if Dun & Bradstreet endorsed some URL format that incorporated DUNS numbers, but could not find any evidence of that.  I predict that as the web community work through all their “identity in the cloud” issues they will settle on a few reliable methods for unambiguously identifying people and organizations.  In the meanwhile, cooperating parties will just have to work out something.


The general issue of when to use strings and when to use anyURI for attribute values calls for some study.  That is probably a subject for a different email thread, but since the issue has come up a few times recently it might be good to adopt some general guidelines.  For example, I have seen an ontology in which countries were identified with a full URI built with “iso3166” in the path (instead of just bare 2-letter strings).  But I would not be inclined to use such values for “nationality” and “location” in this profile.





From: xacml@lists.oasis-open.org [mailto:xacml@lists.oasis-open.org] On Behalf Of Erik Rissanen
Sent: Wednesday, 30 November, 2011 09:14
To: xacml@lists.oasis-open.org
Subject: Re: [xacml] Groups - EC-US WD-03 uploaded



Regarding the following attributes, I think they would be better enumerated using a URI data type:


Regarding organization, we should define a URI prefix for the DUNS representation since you promote it. For instance, a DUNS number of 12345 would be encoded as urn:oasis:tc:xacml:ec:organization-value:duns:12345

This way the organization attribute could be extended in the future to cover other schemes. I am not saying we should define it in the standard now, but for example a national id scheme could be done like this: urn:oasis:tc:xacml:ec:organization-value:national:se:5567081012. (Which is the Axiomatics organizational identifier in Sweden. ;-))

Best regards,

On 2011-11-28 22:52, John Tolbert wrote:

Submitter's message
Updating EC-US with the following changes:

Classification becomes Jurisdiction

Add resource attribute for License

I'd like to move this to committee draft soon, along with IPC.

-- Mr. John Tolbert

Document Name: EC-US WD-03

Export Control US working draft 3
Download Latest Revision
Public Download Link

Submitter: Mr. John Tolbert
Group: OASIS eXtensible Access Control Markup Language (XACML) TC
Folder: Specifications and Working Drafts
Date submitted: 2011-11-28 13:52:44


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]