[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: PAP Issues re: REST Profile working draft 05
I think you need to specify that a policy has to be sufficiently well formed to determine what the policy id and version are. The policy does not need to be correct as specified by XACML, because it may be in the process of being edited and debugged. In section 2.2.3.1, you appear to be using “Cohort” in a way inconsistent with the definition I have proposed. (interchangeable with collection) I don’t object if you want to propose a different definition and get consensus around it, but otherwise I suggest sticking to “collection”. I am still generally uncomfortable with the amount of variability of the semantics you propose to allow. One cannot tell if a policy change will shut down the system or merely update a file. One cannot tell if requests will succeed or fail because a version has been left out or included. I am puzzled that there is no way to update a policy in place. It seems like this would be a natural action. Do we have to increment the version just to fix a misspelled word? Why does delete only delete all versions? What if I just want to get rid of some old versions I am no longer using while keeping the last few? Since nothing is specified about whether policies are trusted, I wonder if we should allow policies to be wrapped as described in chapter 6 of the SAML profile, so they can be suigned? Hal From: Remon Sinnema [mailto:remon.sinnema@emc.com] Submitter's message
|
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]