W3C home > Mailing lists > Public > public-dap-commits@w3.org > June 2010

2009/dap/policy Framework.html,1.9,1.10

From: Frederick Hirsch via cvs-syncmail <cvsmail@w3.org>
Date: Fri, 18 Jun 2010 23:31:48 +0000
To: public-dap-commits@w3.org
Message-Id: <E1OPl2K-0001jj-3P@lionel-hutz.w3.org>
Update of /sources/public/2009/dap/policy
In directory hutz:/tmp/cvs-serv6659

Modified Files:
	Framework.html 
Log Message:
get rid of some internal links


Index: Framework.html
===================================================================
RCS file: /sources/public/2009/dap/policy/Framework.html,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -d -r1.9 -r1.10
--- Framework.html	18 Jun 2010 23:27:48 -0000	1.9
+++ Framework.html	18 Jun 2010 23:31:46 -0000	1.10
@@ -46,13 +46,17 @@
       trust domains. For example, a fine-grained access policy is necessary to grant
       or deny access to individual APIs for individual web applications.
     </p> <p>
-      This framework is based on a very general model that governs both trust domain access by <a href=#subject>subjects</a>
-      to <a href=#resource>resources</a> based on a hierarchy of <a href=#trust-policy>trust policies</a>, <a href=#access-policy>access policies</a> and <a href=#policy-set>policy sets</a>, where each policy
+      This framework is based on a very general model that governs
+      both trust domain access by <a href=#subject>subjects</a> 
+      to <a href=#resource>resources</a> based on a hierarchy
+      of <a href=#trust-policy>trust
+      policies</a>, access policies
+      and <a href=#policy-set>policy sets</a>, where each policy 
       consists of a number of <a href=#rule>rules</a>.
       A subject corresponds to an entity that may attempt security-relevant actions and represents a single identity. This identity can describe either a widget resource or a website. 
       Resources are associated with the API <a href=#feature>features</a> and <a href=#device-capability>device capabilities</a> used to access device features or services (e.g. the location module or PIM database) that are being protected.
       Subjects and resources are characterised by a
-      number of defined <a href=#subject-attributes>subject attributes</a> and <a href=#resource-attributes>resource attributes</a>, respectively. A range of
+      number of defined <a href=#subject-attribute>subject attributes</a> and <a href=#resource-attribute>resource attributes</a>, respectively. A range of
       attributes is defined so that access policies can be expressed based
       on a widget resource signer's identity, or an individual widget resource
       identity, or the widget resource signature’s root certificate, or a website's
@@ -184,7 +188,7 @@
 	independently of the JavaScript APIs used to access them.
       </p>
       <p>
-	For both JavaScript API and device capability access control layers, access permissions are guaranteed or restricted on a basis of  via <strong><em><dfn id="access-control-policy">access control policies</dfn></em></strong>. In general, access control policies will select the effect of a particular access request depending on the <a href=#resource-attributes>resources attributes</a> captured when the request happened.
+	For both JavaScript API and device capability access control layers, access permissions are guaranteed or restricted on a basis of  via <strong><em><dfn id="access-control-policy">access control policies</dfn></em></strong>. In general, access control policies will select the effect of a particular access request depending on the <a href=#resource-attribute>resources attributes</a> captured when the request happened.
       </p>
     </section> <!-- device capability access control layer -->
     <section id=feature-capability-reqs>
@@ -325,8 +329,8 @@
 	  execution of a document belonging to a widget resource.
 	  </p> <p> Operations occurring in the execution of a
 	  remotely hosted document that has been loaded by a
-	  widget (for example in an iframe) use a <a
-	  href=#website-identity>website identity</a>. </p> 
+	  widget (for example in an iframe) use a 
+website identity. </p> 
 </dd>
 <dt><dfn id="resource-attribute">resource attribute</dfn></dt>
 <dd><p>Every resource is associated with a set of
@@ -468,14 +472,15 @@
       <li><p>When the application in question attempts an action
       (attempts to invoke a JavaScript API, say). This identifies
       the <a href=#resource>resource</a> and all
-      associated <a href=#resource-attributes>resource attributes</a>
+      associated <a href=#resource-attribute>resource attributes</a>
       including <a href=#api-feature><code>api-feature</code></a> and,
       where
-      applicable, <a href=#device-cap><code>device-cap</code></a>
+      applicable,<code>device-cap</code>
       resource attribute if the action entails use of a device
       capability. Any parameters used by any such device capability
       use, where designated as being security-relevant, are also
-      captured within a <a href=Profile.html#parameter><code>param:name</code></a>
+      captured within
+      a <code>param:name</code>
       resource attribute;</p></li> 
       <li><p>the <a href=#environment-attribute>environment attributes</a> are also captured;</p></li>
       <li><p>the set of resource and environment attribute values
Received on Friday, 18 June 2010 23:31:49 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 18 June 2010 23:31:49 GMT