OASIS eXtensible Access Control Markup Language (XACML) TC

 View Only
  • 1.  Abbreviated names for the XACML categories in the JSON profile

    Posted 04-14-2014 14:04
    Hi, In his latest series of comments on the JSON profile on the xacml-dev list, Glenn rightly pointed out that I was being inconsistent in the way I define shorthand names for the XACML categories. All the categories are shortened the same way (i.e. keep whatever comes after the last colon) except for  urn:oasis:names:tc:xacml:1.0:subject-category:access-subject  which is currently shortened as subject. I did that because most individuals I talk do not understand access-subject but do understand subject. It's also because access-subject is the only subject category widely used, the others not being so common. Glenn was suggesting I shorten  urn:oasis:names:tc:xacml:1.0:subject-category:access-subject  to access-subject for consistency's sake. I then replied I' turn to the TC for a final decision. There are three options: (a) go for access-subject. This way the shorthand is consistent for all categories (b) go for subject. It is more understandable (c) allow for both. What is your preferred option? I would like to decide on this before our next call so that I can upload WD17 before the meeting to move it ahead. Reference: the table in question Identifier Short name urn:oasis:names:tc:xacml:3.0:attribute-category:resource resource urn:oasis:names:tc:xacml:3.0:attribute-category:action action urn:oasis:names:tc:xacml:3.0:attribute-category:environment environment urn:oasis:names:tc:xacml:1.0:subject-category:access-subject subject urn:oasis:names:tc:xacml:1.0:subject-category:recipient-subject recipient-subject urn:oasis:names:tc:xacml:1.0:subject-category:intermediary-subject intermediary-subject urn:oasis:names:tc:xacml:1.0:subject-category:codebase codebase urn:oasis:names:tc:xacml:1.0:subject-category:requesting-machine requesting-machine Cheers, David.


  • 2.  Re: [xacml] Abbreviated names for the XACML categories in the JSON profile

    Posted 04-15-2014 00:30
    Hi David, On 15/04/2014 12:03 AM, David Brossard wrote: Hi, In his latest series of comments on the JSON profile on the xacml-dev list, Glenn rightly pointed out that I was being inconsistent in the way I define shorthand names for the XACML categories. All the categories are shortened the same way (i.e. keep whatever comes after the last colon) except for urn:oasis:names:tc:xacml:1.0:subject-category:access-subject which is currently shortened as subject. I did that because most individuals I talk do not understand access-subject but do understand subject. It's also because access-subject is the only subject category widely used, the others not being so common. Glenn was suggesting I shorten urn:oasis:names:tc:xacml:1.0:subject-category:access-subject to access-subject for consistency's sake. I then replied I' turn to the TC for a final decision. There are three options: (a) go for access-subject. This way the shorthand is consistent for all categories (b) go for subject. It is more understandable (c) allow for both. What is your preferred option? I would like to decide on this before our next call so that I can upload WD17 before the meeting to move it ahead. I would vote for consistency with the core specification, i.e., (a). Regards, Steven Reference: the table in question *Identifier* *Short name* urn:oasis:names:tc:xacml:3.0:attribute-category:resource resource urn:oasis:names:tc:xacml:3.0:attribute-category:action action urn:oasis:names:tc:xacml:3.0:attribute-category:environment environment urn:oasis:names:tc:xacml:1.0:subject-category:access-subject */subject/* urn:oasis:names:tc:xacml:1.0:subject-category:recipient-subject recipient-subject urn:oasis:names:tc:xacml:1.0:subject-category:intermediary-subject intermediary-subject urn:oasis:names:tc:xacml:1.0:subject-category:codebase codebase urn:oasis:names:tc:xacml:1.0:subject-category:requesting-machine requesting-machine Cheers, David.


  • 3.  RE: [xacml] Abbreviated names for the XACML categories in the JSON profile

    Posted 04-15-2014 06:24
    +1 >


  • 4.  Re: [xacml] Abbreviated names for the XACML categories in the JSON profile

    Posted 04-15-2014 16:06
    +! Consistency with the core spec is good.  I also think that although access-subject is by far the most common at the moment,  the other might become more prevalent as more people use the spec. Allan Simplify Email: Email Charter Allan Foster - ForgeRock Vice President Technology & Standards Office of the CTO Location: Vancouver, WA, US p: +1.360.229.7102 email: allan.foster@forgerock.com www: www.forgerock.com www: www.forgerock.org blogs: blogs.forgerock.com/GuruAllan On 4/14/14, 11:23 PM, Sinnema, Remon wrote: +1