OASIS eXtensible Access Control Markup Language (XACML) TC

Re: [xacml] examples in specification

  • 1.  Re: [xacml] examples in specification

    Posted 10-23-2003 03:06
     MHonArc v2.5.0b2 -->
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    

    xacml message

    [Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


    Subject: Re: [xacml] examples in specification


    
    
    
    
    Hi, Seth
    
    >the example implies something about the specification that isn't true
    >(ie, that the PDP will interpret the contents of assignments), at least
    >as I read the specification.
    
    I don't agree that the example in section 4.2.4.3 isn't true. The
    obligation described in that rule is "email" with three arguments, an email
    address in the medical record referred by a specific XPath, a text string,
    and subject id in the request context. These three arguments are not for
    PDP but for PEP. PDP does not have to interpret those arguments and the
    whole text string below the obligation element is sent back to PEP as a
    part of the decision. No interpretation by PDP is not required. Instead,
    PEP must understand those parameters but this kind of agreement between PDP
    and PEP is already assumed, as described in section 5.35.
    
    Michiharu
    
    
    
                                                                                                                                            
                          Seth Proctor                                                                                                      
                          <Seth.Proctor@Sun        To:       xacml@lists.oasis-open.org                                                     
                          .COM>                    cc:                                                                                      
                                                   Subject:  [xacml] examples in specification                                              
                          2003/10/22 00:32                                                                                                  
                                                                                                                                            
                                                                                                                                            
    
    
    
    
    [With everyone at the F2F I don't expect a quick response, but I figured
     that if things are getting slow, this will give you something to
     discuss <g>]
    
    I've spent the better part of this morning trying to explain how
    Obligations work. The question came up because of the example in section
    4.2.4.3 (Rule 3). In this example, AttributeAssignments contain
    AttributeSelectors and AttributeDesignators. While this isn't illegal,
    the example implies something about the specification that isn't true
    (ie, that the PDP will interpret the contents of assignments), at least
    as I read the specification.
    
    This isn't the first example that has caused confusion. I know all work
    items were supposed to be submitted before the F2F, but I would like to
    propose that we review & correct all examples before the 2.0 release. I
    don't think this is a work item so much as a natural requirement of
    releasing a major-version revision of a specification, but I haven't
    heard any discussion on the topic. Thoughts?
    
    
    seth
    
    
    To unsubscribe from this mailing list (and be removed from the roster of
    the OASIS TC), go to
    http://www.oasis-open.org/apps/org/workgroup/xacml/members/leave_workgroup.php
    .
    
    
    
    


    [Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]