Hi Bill,
I agree that the Abstract should be fixed, but I suggest using the
abstract from CS01,
which also includes the reason for the name of the profile:
http://docs.oasis-open.org/xacml/3.0/xacml-3.0-rbac-v1-spec-cs-01-en.pdf
"Abstract:
This specification defines a profile for the use of XACML in
expressing policies that use role based access control (RBAC). It
extends the XACML Profile for RBAC Version 1.0 to include a
recommended AttributeId for roles, but reduces the scope to
address only “core” and “hierarchical” RBAC. This specification
has also been updated to apply to XACML 3.0."
i.e. in order to change the name the abstract would have to be
changed
to provide notice that only part of RBAC is supported, namely the
core
and hierarchical parts.
So, I think it is less confusing for readers who are new to the
profile and
probably familiar w RBAC, to leave it as is, so they are immediately
notified by the title that only the specified subset is supported.
I think it is only people familiar w xacml specs that might be
confused
by the title, but they should quickly discover that there is a good
reason
for the title.
In addition, the notions of "core RBAC" and "hierarchical RBAC" are
woven thru-out the text and if these terms were not in the title,
abstract, then there would need to be some significant up-front
intro to these concepts, and explanation that they are the ONLY
part of RBAC that is supported. w/o such an intro, where they
are introduced in section 4 would seem to be popping up out
of the blue, imo.
This all happened long before my time on the TC, but I have found
that
almost all of the work done on the early versions of the specs (and
the
current versions as well for that matter) was well thought out and
that
there are solid reasons for a lot of things that may not be obvious
when
first encountered.
Therefore I am generally skeptical about proposed changes that are
intended to "simplify" that which may have good reason to be more
complicated than one might at first think.
Thanks,
Rich
On 8/7/2014 9:33 PM, Bill Parducci
wrote:
I just realized the Abstract in the latest Working Draft of the RBAC Profile has the template text in it. I personally consider fixing this to be non-material, but if there is concern that it is not then please let me know so that I can notify TC Admin. I suggest the default text be replaced with "Profile for the use of XACML to be used for Role Based Access Control."
If we do pull it back, then I would like to revisit the name. I think having "Core" in the title can be confusing.
thanks
b
---------------------------------------------------------------------
To unsubscribe from this mail list, you must leave the OASIS TC that
generates this mail. Follow this link to all your TCs in OASIS at:
https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php
--
Thanks, Rich
<oracle_sig_logo.gif>
Rich Levinson | Internet Standards Security
Architect
Mobile: +1 978 5055017
Oracle Identity Management
45 Network Drive | Burlington, Massachusetts 01803
<green-for-email-sig_0.gif>
Oracle is committed to developing practices
and products that help protect the environment