[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [xacml-comment] Suggestion for the XACML MAP Authorization Profile and others
Generally there is a tendency to avoid duplicating information within a document to reduce the possibility of accidentally updating one part of the profile and forgetting to update the other.
The conformance section is intended to simply specify what parts of the spec (described elsewhere) are mandatory to implement. The general question is how much of the MTI sections in question need to be repeated in the conformance section. I guess our general answer has been” only enough to unambiguously indicate what is required for conformance.
There is an argument that implementers should always make use of the section defining the functionality because there many be important details which do not appear elsewhere. It is not clear to me that having some but not all additional information repeated in the conformance section is really useful.
WRT to the items you want to add:
Datatype should always be specified by a profile
Category can potentially be a list of permitted categories, such as “all subject types”, “only resource and action”, etc.
I don’t see how a profile can specify anything about Issuer. This is generally deployment-specific.