I agree that the Abstract should be fixed, but I suggest using the
abstract from CS01,
which also includes the reason for the name of the profile:
This specification defines a profile for the use of XACML in
expressing policies that use role based access control (RBAC). It
extends the XACML Profile for RBAC Version 1.0 to include a
recommended AttributeId for roles, but reduces the scope to
address only “core” and “hierarchical” RBAC. This specification
has also been updated to apply to XACML 3.0."
i.e. in order to change the name the abstract would have to be
to provide notice that only part of RBAC is supported, namely the
and hierarchical parts.
So, I think it is less confusing for readers who are new to the
probably familiar w RBAC, to leave it as is, so they are immediately
notified by the title that only the specified subset is supported.
I think it is only people familiar w xacml specs that might be
by the title, but they should quickly discover that there is a good
for the title.
In addition, the notions of "core RBAC" and "hierarchical RBAC" are
woven thru-out the text and if these terms were not in the title,
abstract, then there would need to be some significant up-front
intro to these concepts, and explanation that they are the ONLY
part of RBAC that is supported. w/o such an intro, where they
are introduced in section 4 would seem to be popping up out
of the blue, imo.
This all happened long before my time on the TC, but I have found
almost all of the work done on the early versions of the specs (and
current versions as well for that matter) was well thought out and
there are solid reasons for a lot of things that may not be obvious
Therefore I am generally skeptical about proposed changes that are
intended to "simplify" that which may have good reason to be more
complicated than one might at first think.
On 8/7/2014 9:33 PM, Bill Parducci
I just realized the Abstract in the latest Working Draft of the RBAC Profile has the template text in it. I personally consider fixing this to be non-material, but if there is concern that it is not then please let me know so that I can notify TC Admin. I suggest the default text be replaced with "Profile for the use of XACML to be used for Role Based Access Control."
If we do pull it back, then I would like to revisit the name. I think having "Core" in the title can be confusing.
To unsubscribe from this mail list, you must leave the OASIS TC that
generates this mail. Follow this link to all your TCs in OASIS at:
Rich Levinson | Internet Standards Security
Mobile: +1 978 5055017
Oracle Identity Management
45 Network Drive | Burlington, Massachusetts 01803
Oracle is committed to developing practices
and products that help protect the environment