atom feed43 messages in org.oasis-open.lists.xacmlRe: [xacml] Issue: Hierarchical profi...
FromSent OnAttachments
Rich.LevinsonJan 14, 2009 10:54 pm 
Daniel EngovatovJan 14, 2009 11:23 pm 
Rich.LevinsonJan 15, 2009 6:42 am 
Erik RissanenJan 15, 2009 6:52 am 
Rich.LevinsonJan 15, 2009 8:36 am 
Daniel EngovatovJan 15, 2009 11:09 am 
Anil SaldhanaJan 20, 2009 6:04 pm 
Hal LockhartJan 21, 2009 8:48 am 
Rich.LevinsonFeb 16, 2009 4:22 pm 
Daniel EngovatovFeb 16, 2009 4:48 pm 
Rich.LevinsonFeb 16, 2009 5:40 pm 
Daniel EngovatovFeb 16, 2009 5:59 pm 
Rich.LevinsonFeb 16, 2009 8:05 pm 
Daniel EngovatovFeb 16, 2009 8:39 pm 
Erik RissanenFeb 17, 2009 3:37 am 
Rich.LevinsonFeb 17, 2009 7:40 am 
Rich.LevinsonFeb 17, 2009 7:48 am 
Daniel EngovatovFeb 17, 2009 11:19 am 
Rich.LevinsonFeb 17, 2009 8:33 pm 
Daniel EngovatovFeb 18, 2009 10:15 am 
Seth ProctorFeb 18, 2009 10:29 am 
Daniel EngovatovFeb 18, 2009 11:02 am 
Rich.LevinsonFeb 18, 2009 12:37 pm 
Daniel EngovatovFeb 18, 2009 12:51 pm 
Rich.LevinsonFeb 18, 2009 3:04 pm 
Daniel EngovatovFeb 18, 2009 3:16 pm 
Rich.LevinsonFeb 18, 2009 6:54 pm 
Erik RissanenFeb 19, 2009 6:57 am 
Daniel EngovatovFeb 19, 2009 10:59 am 
Rich.LevinsonFeb 19, 2009 8:02 pm 
Rich.LevinsonFeb 19, 2009 9:11 pm 
Erik RissanenFeb 20, 2009 1:34 am 
Erik RissanenFeb 20, 2009 1:41 am 
Rich.LevinsonFeb 20, 2009 2:12 am 
Erik RissanenFeb 20, 2009 2:30 am 
Rich.LevinsonFeb 20, 2009 8:14 am 
Rich.LevinsonFeb 20, 2009 8:55 am 
Daniel EngovatovFeb 20, 2009 10:37 am 
Daniel EngovatovFeb 20, 2009 10:37 am 
Rich.LevinsonFeb 20, 2009 10:46 am 
Daniel EngovatovFeb 20, 2009 11:01 am 
Rich.LevinsonFeb 20, 2009 1:22 pm 
Daniel EngovatovFeb 20, 2009 3:03 pm 
Subject:Re: [xacml] Issue: Hierarchical profile appears ambiguous and inconsistent
From:Daniel Engovatov (dan@streamdynamics.com)
Date:Feb 19, 2009 10:59:27 am
List:org.oasis-open.lists.xacml

On Feb 19, 2009, at 6:57 AM, Erik Rissanen wrote:

All,

I've been in a rush today, so I haven't followed every detail in the discussion, but basically, here is how it appears to me:

* The profile, as it stands today, does specify the limited URI scheme which Rich describes. It says in section 2.2 that:

--8<-- The <pathname> portion of the URI SHALL be of the form

<root name> [ “/” <node name> ]*

The sequence of <root name> and <node name> values SHALL correspond to the individual hierarchical component names of ancestors of the represented node along the path from a <root> node to the represented node. --8<--

So it in fact says that the identifiers must consists of paths with the names of the ancestors.

* If I understand Daniel correctly, he says that each node should be allowed to have a name which is entirely independent of the other nodes in the hierarchy. Relations between the nodes are maintained in a manner not specified by XACML and are expressed in XACML Requests and policies in the form of the attributes resource- parent, resource-ancestor, etc. I think that the more general approach advocated by Daniel would be the correct way to go, so I agree with him (and Seth I believe. :-))

Yes, in fact the URI identifiers are not needed at all. Any opaque unique string will work just as well. UUID works fine.

* I also think as suggested on the XACML comments/users list that the data type of the node identifier should not be limited to URIs only.

It does not hurt to have a recommended form of UUID. They just do not need to imply any hierarhy, as this is too restrictive.

But I would prefer to leave major changes to the hierarchical profile out of the first batch of CD documents.

Daniel;

--------------------------------------------------------------------- To unsubscribe from this mail list, you must leave the OASIS TC that generates this mail. Follow this link to all your TCs in OASIS at: https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php