OASIS eXtensible Access Control Markup Language (XACML) TC

  • 1.  The trusted issuer

    Posted 08-24-2007 10:42
    All,
    
    I propose that we drop the explicit identifiers for the trusted issuer 
    in the delegation draft. (Section 5.4 in the delegation profile working 
    draft 17.)
    
    The reason for introducing the explicit trusted issuer was that someone 
    in some discussion was concerned that it is easy to make a mistake by 
    forgetting to include the issuer.
    
    But for reasons of backwards compatibility we want a policy without an 
    issuer to be considered trusted anyway. With this, I don't see much 
    point in having the explicit trusted issuer in there. It just makes 
    things more complex. Both for the spec and for code which has to deal 
    with more special cases.
    
    Regards,
    Erik
    
    


  • 2.  Re: [xacml] The trusted issuer

    Posted 08-30-2007 14:55
    All,
    
    This is just an email to defer the discussion of this issue to the next 
    meeting.
    
    Also, add to the discussion the option to always require an issuer, that 
    is policies without issuers are not allowed at all in 3.0.
    
    Regards,
    Erik
    
    
    Erik Rissanen wrote:
    > All,
    >
    > I propose that we drop the explicit identifiers for the trusted issuer 
    > in the delegation draft. (Section 5.4 in the delegation profile 
    > working draft 17.)
    >
    > The reason for introducing the explicit trusted issuer was that 
    > someone in some discussion was concerned that it is easy to make a 
    > mistake by forgetting to include the issuer.
    >
    > But for reasons of backwards compatibility we want a policy without an 
    > issuer to be considered trusted anyway. With this, I don't see much 
    > point in having the explicit trusted issuer in there. It just makes 
    > things more complex. Both for the spec and for code which has to deal 
    > with more special cases.
    >
    > Regards,
    > Erik
    >