OASIS eXtensible Access Control Markup Language (XACML) TC


Groups - Export Control - U.S. (EC-US) (xacml-3.0-ec-us-v1-spec-wd-01-en.doc) uploaded

  • 1.  Groups - Export Control - U.S. (EC-US) (xacml-3.0-ec-us-v1-spec-wd-01-en.doc) uploaded

    Posted 04-17-2009 17:32
    Working draft for XACML EC-US profile (export control - US).
    
     -- Mr. John Tolbert
    
    The document named Export Control - U.S. (EC-US)
    (xacml-3.0-ec-us-v1-spec-wd-01-en.doc) has been submitted by Mr. John
    Tolbert to the OASIS eXtensible Access Control Markup Language (XACML) TC
    document repository.
    
    Document Description:
    Profile listing attributes for using XACML to make export control (US)
    authorization decisions.  
    
    View Document Details:
    http://www.oasis-open.org/committees/document.php?document_id=32131
    
    Download Document:  
    http://www.oasis-open.org/committees/download.php/32131/xacml-3.0-ec-us-v1-spec-wd-01-en.doc
    
    
    PLEASE NOTE:  If the above links do not work for you, your email application
    may be breaking the link into two pieces.  You may be able to copy and paste
    the entire link address into the address field of your web browser.
    
    -OASIS Open Administration
    


  • 2.  Re: [xacml] Groups - Export Control - U.S. (EC-US) (xacml-3.0-ec-us-v1-spec-wd-01-en.doc) uploaded

    Posted 05-18-2009 15:03
    Hello John,
    
    This looks good to me. A couple of notes:
    
    Section 2.2, about subject nationality: It uses "RECOMMENDED" for the 
    use of ISO country codes. Maybe this should be MUST to make it more 
    interoperable?
    
    Also, it's unclear to me whether the "nationality" attribute lists only 
    those nations where the subject is currently a citizen, or all 
    nationalities the subject has possessed. It doesn't say the latter, but 
    I am asking because there is also a "current-nationality". What's the 
    difference? Is the difference that current nationality is single-valued 
    while "nationality" may be multi-valued? But then, why would the most 
    recently assigned nationality be special? The doc is probably as you 
    intended, but for me reading, it's a bit confusing why it would be like 
    this. But I don't know much about the US EC regulations... :-)
    
    Section 2.2.3, the location attribute: Do you need a value for if the 
    subject is located outside any country, like on international waters? 
    BTW, the same about citizenship. There are people who have no citizenship.
    
    BTW, the location attribute may be difficult to authenticate securely 
    since it is very easy to proxy a network connection through a middle man 
    located wherever in the world.
    
    2.2.5: What is the definition of a "US person"? Maybe you can refer to 
    some EC law which defines it?
    
    General: Would it be good if there were some general text which explains 
    why these attributes are sufficient and/or useful for the purposes of 
    export control?
    
    Best regards,
    Erik
    
    
    
    john.w.tolbert@boeing.com wrote:
    > Working draft for XACML EC-US profile (export control - US).
    > 
    >  -- Mr. John Tolbert
    > 
    > The document named Export Control - U.S. (EC-US)
    > (xacml-3.0-ec-us-v1-spec-wd-01-en.doc) has been submitted by Mr. John
    > Tolbert to the OASIS eXtensible Access Control Markup Language (XACML) TC
    > document repository.
    > 
    > Document Description:
    > Profile listing attributes for using XACML to make export control (US)
    > authorization decisions.  
    > 
    > View Document Details:
    > http://www.oasis-open.org/committees/document.php?document_id=32131
    > 
    > Download Document:  
    > http://www.oasis-open.org/committees/download.php/32131/xacml-3.0-ec-us-v1-spec-wd-01-en.doc
    > 
    > 
    > PLEASE NOTE:  If the above links do not work for you, your email application
    > may be breaking the link into two pieces.  You may be able to copy and paste
    > the entire link address into the address field of your web browser.
    > 
    > -OASIS Open Administration