OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Re: [xacml] Groups - XACML MAP Authorization Profile WD2 modified



Hi Richard,

Here are some comments on WD2 of the MAP Authorization Profile.

Line 51 - The word "for" is duplicated.

Line 114-115 - XACML attributes must have at least one attribute value,
so "or an empty bag" is not an option.

Line 285-293 - The wording here is a bit clunky because it's not an attribute but
a family of attributes being defined. Section 2.1.2 and 2.2.7 do it slightly better.
"Example URN values for this attribute are" should read something like "Example URNs for
the AttributeId of attributes in the Metadata-Attribute family are", otherwise it gives
the impression that these are XACML attribute values.

A number of resource attributes have the requirement that they "MUST be present in a
decision request". This precludes them being provided by a PIP. Is this an acceptable
restriction in the context of MAP ? If not, then "MUST be present in the request
context" would be more lenient.

Several of the attribute URNs in section 4.1 denote families of attribute identifiers
but there's no indication of this except for
urn:oasis:names:tc:xacml:3.0:if-map:content:resource:IDENTIFIER-TYPE:identifier-attribute:ATTR.
The other extensible URNs should be shown in a similar fashion. Italicizing or otherwise
distinguishing the extensible bits would be a good idea.

Your list of committee members is out of date.

Regards,
Steven


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]