[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [xacml] Groups - XACML v3.0 Related and Nested Entities Profile Version 1.0 uploaded
Thanks for assembling the draft profile. You have put a great deal of work into this.
Given that “domain” has fairly standard meaning in IT, would it be possible to use the term “scope” instead? I think it would work in this context, and prevent unnecessary confusion. “Realm” also might be a less-used and less confusing term, but I think “scope” fits best.
In the examples in section 5.2, I see “relationship-kind”, which seems to be quite a bit like urn:oasis:names:tc:xacml:3.0:ipc:subject:subject-to-organization-relationship.
There is also “start-date”, which is similar to urn:oasis:names:tc:xacml:3.0:ipc:resource:effective-date
For the sake of consistency, could we use the IPC style attributes, even in the examples, so we can keep those aligned?
The examples in 5.3.1 regarding an “approved-export” table actually hint at the existence of behind-the-scenes attribute flattening, since in order to build such a table, the list has to be compiled from interpretation of regulations, exceptions, and individual licenses. Is the intent to demonstrate a capability to import complex tables associated with regulations (such as the US Commerce Control List), and make the table content available to policy authors?
Thanks again for the contribution,