OASIS eXtensible Access Control Markup Language (XACML) TC

Back to discussions
Expand all | Collapse all

Re: [xacml] Questions about Context

  • 1.  Re: [xacml] Questions about Context

    Posted 07-17-2002 10:58 
     MHonArc v2.5.2 -->

















    xacml message
    







    [Date Prev]
 | [Thread Prev]
 | [Thread Next]
 | [Date Next]

--

[Date Index]
 | [Thread Index]
 | [Elist Home]
    


    







    Subject: Re: [xacml] Questions about Context
    







    



    
1. Both the subject and the action information in the response context are
redundant for the application which holds the request context data. For
simplicity, we don't need those elements in the response context. Besides,
it might be useful to have some placeholder element in the response context
where each application can put any information.

2. I prefer "Environment".

3. I thought that NameQualifier just corresponds to SAML's NameQualifier.

4. No preference.

5. xs:string is fine with me.

6. Scope may not be needed in response.

Michiharu

IBM Tokyo Research Laboratory, Internet Technology
Tel. +81 (46) 215-4642   Fax +81 (46) 273-7428




                                                                                                                                       
                      Tim Moses                                                                                                        
                      <tim.moses@entrus        To:       "'XACML'" <xacml@lists.oasis-open.org>                                        
                      t.com>                   cc:                                                                                     
                                               Subject:  [xacml] Questions about Context                                               
                      2002/07/17 04:41                                                                                                 
                      Please respond to                                                                                                
                      Tim Moses                                                                                                        
                                                                                                                                       
                                                                                                                                       



Colleagues - I have the following questions about Context.


1. Should we repeat Subject and Actions in the Response?  If there are
multiple Subjects and Actions in the Request, will it always be clear which
Subject was permitted which Action?


2. Should we call "Other" "Environment"?  The term "Other" doesn't convey
much information to the reader.


3. What is the purpose of the Qualifier attribute in the SubjectIdType
definition?


4. In Policy.xsd we use the term "Designator" (policy, rule, attribute).
In Context.xsd we use the term "ResourceSpecifier".  Is this inconsistent?


5. In ResourceSpecifier the ResourceId is of type xs:anyURI.  Should this
not be xs:string?  Otherwise, non-xml resource instances cannot be named.


6. The Scope element is in both the Request and the Response.  Do we need
it in the Response?  Will one ever want to say the Request is permitted for
children, but not for descendants, etc.?


Do we need a discussion to answer these questions?  All the best.  Tim.


-----------------------------------------
Tim Moses
Tel: 613.270.3183









    





    






    


    [Date Prev]
 | [Thread Prev]
 | [Thread Next]
 | [Date Next]

--

[Date Index]
 | [Thread Index]
 | [Elist Home]
    


    
  

    


    







    Powered by eList eXpress LLC


Related Content