Re: [xacml] RE: RuleID

[Steven Legg <steven.legg@viewds.com>]

Ray & Danny,

I can't find any explicit statement about the uniqueness of RuleID, but there
is a pragmatic requirement in that the <RuleCombinerParameters> element
references a rule. RuleIDs have to at least be unique within a policy so
that the rule references in <RuleCombinerParameters> elements are
unambiguous. Of course there are no standardized rule combining algorithms
that use parameters, so this is a weak requirement.

Or it might be no requirement at all. I notice that <PolicyCombinerParameters>
and <PolicySetCombinerParameters> reference a PolicyId or a PolicySetId
without a version. Since the consensus seems to be that only the combination
of Id and version should be unique, it is possible that <PolicyCombinerParameters>
and <PolicySetCombinerParameters> can have ambiguous references. It would only
happen if different versions of the same policy (set) were children of the
same parent policy set, which is odd, but I don't see anything that rules
it out. The wording of the core spec suggests that ambiguous references are
unintended.

Steven

On 16/10/2013 4:12 AM, Danny Thorpe wrote:
> RuleId only has to be unique within its containing policy.  Reason: Rules can’t be referenced outside of their policy.
>
> -Danny
>
> *Danny Thorpe *
>
> Authorization Architect
>
> *Dell*| Identity & Access Management, Quest Software
>
> Quest Software is now part of Dell.
>
> *From:*xacml@lists.oasis-open.org [mailto:xacml@lists.oasis-open.org] *On Behalf Of *Sinnema, Remon
> *Sent:* Monday, October 14, 2013 11:09 PM
> *To:* xacml@lists.oasis-open.org
> *Subject:* [xacml] RuleID
>
> All,
>
> Is RuleID supposed to be globally unique, or only unique within a policy? I couldn’t find a statement about that in the core spec.
>
> Thanks,
>
> Ray