PDP Issuers re: REST Profile working draft 05

I will comment on the PDP issues here and the PAP issues separately.

My two original comments have not been addressed.

Use of <Request> element vs. the <XACMLAuthzDecisionQuery> element.

Request/response correlation.

I propose the following solutions.

State explicitly that the XACML request type can include either <Request> for XACML core or <XACMLAuthzDecisionQuery> from the SAML Profile. Include normative references to each and state that the processing and response must be as specified in the respective specification. State that when <Request> is used, the additional functionality is not available.

State that when <XACMLAuthzDecisionQuery> is used, requests and responses can be correlated using Request Id and InResponseTo. State that when <Request> is used the PEP must not send a request until the response from a previous response has been received.

Hal

From: Remon Sinnema [mailto:remon.sinnema@emc.com]
Sent: Thursday, May 31, 2012 6:40 PM
To: xacml@lists.oasis-open.org
Subject: [xacml] Groups - REST Profile of XACML v3.0 Version 1.0, working draft 05 uploaded

Submitter's message
Changes:
- PDP is now optional, allowing PAP-only servers
- Added explanatory text for delete example
- Added note on policies contained within policy sets
- Added note that supplied policies must be valid according to the policy schema
- Improved wording in Security section
- Added “lost” paragraph from WD02 about the contents of the entry point resource
- Added text on different types of PAPs
- Added text on policy (version) equality
- Added use of HTTP to conformance section

-- Mr. Remon Sinnema

Document Name: REST Profile of XACML v3.0 Version 1.0, working draft 05

No description provided.
Download Latest Revision
Public Download Link

Submitter: Mr. Remon Sinnema
Group: OASIS eXtensible Access Control Markup Language (XACML) TC
Folder: Specifications and Working Drafts
Date submitted: 2012-05-31 15:39:48

xacml message