Hello John,
This looks good to me. A couple of notes:
Section 2.2, about subject nationality: It uses "RECOMMENDED" for the
use of ISO country codes. Maybe this should be MUST to make it more
interoperable?
Also, it's unclear to me whether the "nationality" attribute lists only
those nations where the subject is currently a citizen, or all
nationalities the subject has possessed. It doesn't say the latter, but
I am asking because there is also a "current-nationality". What's the
difference? Is the difference that current nationality is single valued
while "nationality" may be multi valued. But then, why would the most
recently assigned nationality be special? The doc is probably as you
intended, but for me reading, it's a bit confusing why it would be like
this. But I don't know much about the US EC regulations... :-)
Section 2.2.3, the location attribute: Do you need a value for if the
subject is located outside any country, like on international waters?
BTW, the same about citizenship. there are people who have no citizenship.
BTW, the location attribute may be difficult to authenticate securely
since it very easy to proxy a network connection through a middle man
located wherever in the world.
2.2.5: what is the definition of a "US person". Maybe you can refer to
some EC law which defines it?
General: Would it be good if there were some general text which explains
why these attributes are sufficient and/or useful for the purposes of
export control?
Best regards,
Erik
john.w.tolbert@boeing.com wrote:
> Working draft for XACML EC-US profile (export control - US).
>
> -- Mr. John Tolbert
>
> The document named Export Control - U.S. (EC-US)
> (xacml-3.0-ec-us-v1-spec-wd-01-en.doc) has been submitted by Mr. John
> Tolbert to the OASIS eXtensible Access Control Markup Language (XACML) TC
> document repository.
>
> Document Description:
> Profile listing attributes for using XACML to make export control (US)
> authorization decisions.
>
> View Document Details:
> http://www.oasis-open.org/committees/document.php?document_id=32131
>
> Download Document:
> http://www.oasis-open.org/committees/download.php/32131/xacml-3.0-ec-us-v1-spec-wd-01-en.doc
>
>
> PLEASE NOTE: If the above links do not work for you, your email application
> may be breaking the link into two pieces. You may be able to copy and paste
> the entire link address into the address field of your web browser.
>
> -OASIS Open Administration