OASIS eXtensible Access Control Markup Language (XACML) TC

  • 1.  My take on WI's 37-40

    Posted 10-15-2003 17:47

    Subject: My take on WI's 37-40


    37. Multiple <AttributeValue> elements for single <Attribute> in Request
    
       Allow
          <Attribute ID=X>
            <AttributeValue>A</AttributeValue>
            <AttributeValue>B</AttributeValue>
            <AttributeValue>C</AttributeValue>
          </Attribute>
       as shorthand for
          <Attribute ID=X>
            <AttributeValue>A</AttributeValue>
          </Attribute>
          <Attribute ID=X>
            <AttributeValue>B</AttributeValue>
          </Attribute>
          <Attribute ID=X>
            <AttributeValue>C</AttributeValue>
          </Attribute>
    
       TYPE: Simplicity of Request construction
       STATUS: Needs proposal.  Related: #1.
       PROPOSAL:
       CHAMPION: Frank Siebenlist
       F2F: ?
    
    [Hal] Ok, I am confused. I thought these were multi-value. The designators
    and selectors all return bags. Let's talk about it at the F2F.
    
    38. Policies for the Administration of XACML Policies
    
       XACML defines a language to express policies about access to
       resources. But it is also desirable to create policies about
       the creation, modification and deletion of XACML policies. In
       a sense XACML already allows this, since XACML policies are
       agnostic to the semantics of the resources being
       protected. However, it is very desirable for administrative
       policies to specify not the "name" of policies being
       administered, but their "content."
    
       TYPE: New functionality
       STATUS: Open issues.
       PROPOSAL:
        http://lists.oasis-open.org/archives/xacml/200308/msg00050.html
       CHAMPION: Hal Lockhart
       F2F: ?
    
    [Hal] Polar suggested we simply specify the allowed Targets. It seems to me
    this would work, but I am less sure it would meet all reasonable
    requirements. Would like to discuss at F2F.
    
    39. Make Status in the XACML Response optional
    
       Makes it possible to allow Status for Indeterminate situations
       to be conveyed in the protocol envelope (such as SAML
       DecisionStatement) rather than in the XACML Response for cases
       where that is more appropriate.  Avoids having redundant and
       possibly inconsistent Status fields when XACML Response is
       carried in some envelope that also has a Status.
    
       TYPE: New functionality
       STATUS: Needs proposal.
       PROPOSAL:
       CHAMPION: Hal Lockhart
       F2F: No (resolve by e-mail)
    
    [Hal] I agree. All it needs is minOccurs="0" and a little text.
    
    40. Define a SAML PolicyQuery and PolicyStatement
    
       Define syntax for SAML that will allow a Query for one or more
       Policy or PolicySet instances with specified Policy[Set]Ids,
       and will return the requested instances in a PolicyStatement
       in a SAML Assertion.
    
       TYPE: New functionality.
       STATUS: Needs proposal.
       PROPOSAL:
       CHAMPION: Hal Lockhart
       F2F: No (not tied to XACML 2.0)
    
    [Hal] I think we need to discuss if we want the generic policy layer.
    
    Hal
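
Added example, not part of the original message or of any XACML implementation: a check that the shorthand in work item 37 and its expanded form give the same bag of values for attribute X, using values A, B and C in both forms. The `<Subject>` wrapper, the quoted `ID="X"` and the function names are assumptions made so the fragments parse as well-formed XML.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed inputs in the simplified notation of work item 37.
# The <Subject> wrapper and the quoted ID value are assumptions.
SHORTHAND = """<Subject>
  <Attribute ID="X">
    <AttributeValue>A</AttributeValue>
    <AttributeValue>B</AttributeValue>
    <AttributeValue>C</AttributeValue>
  </Attribute>
</Subject>"""

EXPANDED = """<Subject>
  <Attribute ID="X"><AttributeValue>A</AttributeValue></Attribute>
  <Attribute ID="X"><AttributeValue>B</AttributeValue></Attribute>
  <Attribute ID="X"><AttributeValue>C</AttributeValue></Attribute>
</Subject>"""


def attribute_bags(xml_text):
    """Map each attribute ID to a Counter of its values.

    A Counter models a bag: unordered, duplicates kept. Values are merged
    across repeated <Attribute> elements and across repeated
    <AttributeValue> children, so both spellings land in the same bag.
    """
    bags = {}
    for attr in ET.fromstring(xml_text).iter("Attribute"):
        attr_id = attr.get("ID")
        if attr_id is None:
            raise ValueError("Attribute element without an ID")
        values = attr.findall("AttributeValue")
        if not values:
            raise ValueError(f"Attribute {attr_id!r} has no AttributeValue")
        bag = bags.setdefault(attr_id, Counter())
        for value in values:
            bag[(value.text or "").strip()] += 1
    return bags


def equivalent(request_a, request_b):
    """True when both fragments yield identical bags for every attribute."""
    return attribute_bags(request_a) == attribute_bags(request_b)
```

A request consumer that reads only the first `<AttributeValue>` child would see a bag of one value for the shorthand form and three for the expanded form, so the two must be normalized before evaluation.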
    
    

