2009/dap/policy Profile.html,1.8,1.9

Update of /sources/public/2009/dap/policy
In directory hutz:/tmp/cvs-serv6864

Modified Files:
	Profile.html 
Log Message:
fix additional validation errors


Index: Profile.html
===================================================================
RCS file: /sources/public/2009/dap/policy/Profile.html,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -d -r1.8 -r1.9
--- Profile.html	21 Jun 2010 12:33:29 -0000	1.8
+++ Profile.html	21 Jun 2010 12:53:10 -0000	1.9
@@ -196,19 +196,31 @@
 	<h3>Condition</h3>
 	  <p>The <code>condition</code> of a <code>rule</code> specifies
 	  extra criteria that need to be matched before the
-	  <code>rule</code> becomes applicable. </p> <p> The
+	  <code>rule</code> becomes applicable. </p> 
+      <p> The
 	  <code>condition</code> consists of one or more attribute
 	  matches, combined with AND and OR operators into an
-	  arbitrarily nested tree. </p> <p> The AND operator is
-	  evaluated as follows: <ul> <li>is determined and has
+	  arbitrarily nested tree. </p> 
+      <p> The AND operator is
+	  evaluated as follows:</p>
+      <ul> 
+        <li>is determined and has
 	  value “no match” if any input is “no match”</li>
 	  <li>otherwise is undetermined if any input is
-	  undetermined</li> <li>otherwise is determined and has
-	  value “match”</li> </ul> The OR operator is evaluated as
-	  follows: <ul> <li>is determined and has value “match” if
-	  any input is “match”</li> <li>otherwise is undetermined
-	  if any input is undetermined</li> <li>otherwise is
-	  determined and has value “no match”</li> </ul> </p>
+	  undetermined</li> 
+      <li>otherwise is determined and has
+      value “match”</li> 
+      </ul>
+      <p> The OR operator is evaluated as
+	  follows:</p>
+      <ul> 
+        <li>is determined and has value “match” if
+	  any input is “match”</li> 
+      <li>otherwise is undetermined
+	  if any input is undetermined</li> 
+      <li>otherwise is
+	  determined and has value “no match”</li> 
+    </ul>
   </section> <!-- decision -->
   <section id="policy">
 	<h3>Policy</h3>
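Review bot: The AND and OR list items still open with "is determined and has value ..." and have no subject, so each bullet only reads correctly as a continuation of the lead-in sentence, which is now a closed <p>. Consider wording such as "the result is determined and has value "no match" if any input is "no match"", and likewise for the other five items. Also, the trailing context line closes the section headed Condition with the comment <!-- decision -->; if that comment is meant to name the section, it looks stale.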
@@ -385,68 +397,95 @@
 	    <h4>Deny-Overrides Combining Algorithm</h4>
 	      <p>The Deny-Overrides Combining Algorithm is usable as a
 	      policy-combining algorithm and as a rule-combining
-	      algorithm. </p> <p>The overall result of a
-	      <code>query</code> is evaluated as follows: <ul> <li>if any
+	      algorithm. </p> 
+          <p>The overall result of a
+	      <code>query</code> is evaluated as follows:</p>
+          <ul> 
+            <li>if any
 	      child evaluates to "deny", then the overall result is
-	      "deny";</li> <li>otherwise, if any child is
+	      "deny";</li> 
+          <li>otherwise, if any child is
 	      undetermined, then the overall result is
-	      undetermined;</li> <li>otherwise, if any child evaluates
+	      undetermined;</li> 
+          <li>otherwise, if any child evaluates
 	      to "prompt-oneshot", then the overall result is
-	      "prompt-oneshot";</li> <li>otherwise, if any child
+	      "prompt-oneshot";</li> 
+          <li>otherwise, if any child
 	      evaluates to "prompt-session", then the overall result
-	      is "prompt-session";</li> <li>otherwise, if any child
+	      is "prompt-session";</li>
+          <li>otherwise, if any child
 	      evaluates to "prompt-blanket", then the overall result
-	      is "prompt-blanket";</li> <li>otherwise, if any child
+	      is "prompt-blanket";</li> 
+          <li>otherwise, if any child
 	      evaluates to "permit", then the overall result is
-	      "permit";</li> <li>otherwise, the overall result is
-	      "inapplicable".</li> </ul> </p>
+	      "permit";</li> 
+          <li>otherwise, the overall result is
+	      "inapplicable".</li> 
+          </ul> 
 	  </section> <!-- deny-overrides-combining-algorithm -->
 	  <section id="permit-overrides-combining-algorithm">
 	    <h4>Permit-Overrides Combining Algorithm</h4>
 	      <p>The Permit-Overrides Combining Algorithm is usable as
 	      a policy-combining algorithm and as a rule-combining
 	      algorithm. The overall result of a <code>query</code> is
-	      evaluated as follows: <ul> <li>if any child evaluates to
+	      evaluated as follows:</p>
+          <ul> 
+            <li>if any child evaluates to
 	      "permit", then the overall result is "permit";</li>
 	      <li>otherwise, if any child is undetermined, then the
-	      overall result is undetermined;</li> <li>otherwise, if
+	      overall result is undetermined;</li> 
+          <li>otherwise, if
 	      any child evaluates to "prompt-blanket", then the
-	      overall result is "prompt-blanket";</li> <li>otherwise,
+	      overall result is "prompt-blanket";</li>
+          <li>otherwise,
 	      if any child evaluates to "prompt-session", then the
-	      overall result is "prompt-session";</li> <li>otherwise,
+	      overall result is "prompt-session";</li> 
+          <li>otherwise,
 	      if any child evaluates to "prompt-oneshot", then the
-	      overall result is "prompt-oneshot";</li> <li>otherwise,
+	      overall result is "prompt-oneshot";</li> 
+          <li>otherwise,
 	      if any child evaluates to "deny", then the overall
-	      result is "deny";</li> <li>otherwise, the overall result
-	      is "inapplicable".</li> </ul> </p>
+	      result is "deny";</li>
+          <li>otherwise, the overall result
+	      is "inapplicable".</li> 
+          </ul>
 	  </section> <!-- permit-overrides-combining-algorithm -->
 	  <section id="first-applicable-rule-combining-algorithm">
 	    <h4>First-Applicable Rule Combining Algorithm</h4>
 	      <p>The First-Applicable Rule Combining Algorithm is
-	      usable as a rule-combining algorithm. </p> <p>The
+	      usable as a rule-combining algorithm. </p>
+          <p>The
 	      overall result of a query is evaluated by processing the
-	      children in written order as follows: <ul> <li>if the
+	      children in written order as follows: </p>
+          <ul> 
+            <li>if the
 	      current child is determined and does not evaluate to
 	      "inapplicable", the overall result is the result of the
-	      current child;</li> <li>otherwise, if the current child
+	      current child;</li> 
+          <li>otherwise, if the current child
 	      is undetermined, the overall result is
-	      undetermined;</li> <li>otherwise, if the current child
+	      undetermined;</li> 
+          <li>otherwise, if the current child
 	      is determined and has value "inapplicable", continue
 	      processing at the next child. If already processing the
 	      final child, the overall result is "inapplicable".</li>
-	      </ul> </p>
+	      </ul> 
 	  </section> <!-- first-applicable-rule-combining-algorithm -->
 	  <section id="first-matching-target-policy-combining-algorithm">
 	    <h4>First-Matching-Target Policy Combining Algorithm</h4>
 	      <p>The First-Matching-Target Policy Combining Algorithm
-	      is usable as a policy-combining algorithm. </p> <p>The
+	      is usable as a policy-combining algorithm. </p> 
+          <p>The
 	      overall result of a query is evaluated by processing the
-	      children in written order as follows: <ul> <li>if the
+	      children in written order as follows: </p>
+          <ul>
+            <li>if the
 	      current child has a target that matches the overall
 	      result is the result of the current child;</li>
 	      <li>otherwise, continue processing at the next child. If
 	      already processing the final child, the overall result
-	      is "inapplicable".</li> </ul> </p>
+	      is "inapplicable".</li> 
+        </ul>
 	  </section> <!-- first-matching-target-policy-combining-algorithm -->
   </section> <!-- combining-algorithm -->
   <section id="effect">
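Review bot: In the First-Matching-Target list, the first item reads "if the current child has a target that matches the overall result is the result of the current child", which parses as "matches the overall result"; add ", then" after "matches", as the Deny-Overrides and Permit-Overrides items do. That section also says nothing about an undetermined child, which First-Applicable handles explicitly, so it is worth stating whether the omission is intentional. Minor: Permit-Overrides keeps both sentences in one <p> while Deny-Overrides now splits them.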
@@ -468,23 +507,32 @@
 	      <p>The prompt-oneshot, prompt-session and prompt-blanket
 	      effects allow requested access after explicit
 	      confirmation by the user. The implementation MUST prompt the user
-	      before allowing access. </p> <p>The implementation MUST only
+	      before allowing access. </p> 
+          <p>The implementation MUST only
 	      provide the 
 	      user the option to grant permission up to the maximum
-	      allowed by the <code>effect</code>, ie: <ul>
+	      allowed by the <code>effect</code>, ie: </p>
+          <ul>
 	      <li>prompt-oneshot: "deny always", "deny this time",
-	      "allow this time";</li> <li>prompt-session:
+	      "allow this time";</li>
+          <li>prompt-session:
 	      prompt-oneshot options plus "deny for this session",
-	      "allow for this session";</li> <li>prompt-blanket:
-	      prompt-session options plus "allow always".</li> </ul>
+	      "allow for this session";</li> 
+          <li>prompt-blanket:
+	      prompt-session options plus "allow always".</li>
+          </ul>
+          <p>
 	      The implementation MUST provide a means to respond
 	      with any available option that is applicable in the
-	      context in which the prompt is displayed. </p> <p> Any
+	      context in which the prompt is displayed. </p> 
+          <p> Any
 	      default action MUST be at least as restrictive as
-	      "deny this time". </p> <p> If the user has the option of
+	      "deny this time". </p> 
+          <p> If the user has the option of
 	      deferring a response indefinitely and the user does not
 	      respond explicitly, the requested access MUST NOT be
-	      allowed. </p> <p> 
+	      allowed. </p> 
+          <p> 
 	      For a widget, a session lasts while the application is
 	      still running and the terminal has not been switched off
 	      or placed in standby mode. </p> <p> For a website,
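Review bot: The last context line still has "</p> <p> For a website," run together on one line, so the one-block-per-line cleanup applied above stops short here; split it the same way. While touching this passage, "ie:" in "allowed by the <code>effect</code>, ie: </p>" should be "i.e.", and several of the added lines end in trailing whitespace.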
@@ -581,7 +629,7 @@
 	    <p><code>&lt;rule&gt;</code> contains an optional
 	    <code>&lt;condition&gt;</code>. </p>
 	</section>
-	<section id="target">
+	<section id="target-element">
 	  <h4>The <code>&lt;target&gt;</code>  Element</h4>
 	    <p><code>&lt;target&gt;</code> contains one or more
 	    <code>&lt;subject&gt;</code> elements. </p>
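Review bot: Renaming id="target" to id="target-element" changes the fragment that any existing href="#target" resolves to; search the document, and anything that links into it, for that fragment and update it, or confirm that another element is meant to own the "target" id. The preceding <rule> section's id is outside this hunk, so it is not clear from here that the "-element" suffix is applied consistently.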
@@ -604,7 +652,7 @@
 	    <code>&lt;resource-match&gt;</code> or
 	    <code>&lt;environment-match&gt;</code>. </p>
 	</section>
-	<section id="subject-match, resource-match, environment-match">
+	<section id="subject-resource-environment-match">
 	  <h4>The <code>&lt;subject-match&gt;</code>, <code>&lt;resource-match&gt;</code>, <code>&lt;environment-match&gt;</code> Elements</h4>
 	    <p><code>&lt;subject-match&gt;</code> represents a
 	    condition on a single subject attribute to be matched in
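Review bot: The new id "subject-resource-environment-match" drops the "-element" suffix that the previous hunk introduced with "target-element"; pick one convention for the element sections, for example "subject-resource-environment-match-element". The same applies to "subject-resource-environment-attr" in the next hunk.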
@@ -644,7 +692,7 @@
 	    the literal text to match after expanding any
 	    attributes. </p>
 	</section>
-	<section id="subject-attr, resource-attr, environment-attr">
+	<section id="subject-resource-environment-attr">
 	  <h4>The <code>&lt;subject-attr&gt;</code>, <code>&lt;resource-attr&gt;</code>, <code>&lt;environment-attr&gt;</code> Elements</h4>
 	    <p>
 	    Each of these elements represents the value of a
@@ -729,23 +777,40 @@
 </section>
 <section class='website-subject-attribute-definitions'>
   <h2>Web Site Subject Attribute Definitions</h2>
-<table> <caption> <dfn
-	  id="website-subject-attributes-table">Website Subject
-	  Attributes Table</dfn></caption> <thead> <tr> <th
-	  scope="col">Attribute</th> <th scope="col">Type</th> <th
-	  scope="col">Value</th> <th scope="col">Meaning</th>
-	  </tr> </thead> <tbody> <tr> <td>class</td>
-	  <td>string</td> <td>"website"</td> <td>Has the value
-	  "website" if and only if the subject is of this
-	  class.</td> </tr> <tr> <td rowspan="4">sign-schema</td>
-	  <td rowspan="4">string</td> </tr> <tr> <td>"" (empty
+<table> <caption> 
+  <dfn id="website-subject-attributes-table">Website Subject
+	  Attributes Table</dfn></caption> 
+      <thead> 
+        <tr> 
+          <th scope="col">Attribute</th> 
+          <th scope="col">Type</th> 
+          <th scope="col">Value</th> 
+          <th scope="col">Meaning</th>
+        </tr>
+        </thead>
+        <tbody>
+          <tr> 
+            <td>class</td>
+            <td>string</td> 
+            <td>"website"</td> 
+            <td>Has the value "website" if and only if the subject is of this
+            class.</td> 
+            </tr> 
+              <tr> 
+              <td >sign-schema</td>
+              <td>string</td> 
+<td>"" (empty
 	  string)</td> <td>Not signed.</td> </tr> <tr>
+              <td >sign-schema</td>
+              <td>string</td> 
 	  <td>"tls"</td> <td>The page was fetched using HTTPS and
 	  the browser has verified that the site certificate’s
 	  Common Name matches the host that the page was fetched
 	  from, and it has already applied its own policies
 	  regarding whether the root certificate is in an
 	  acceptable trust domain.</td> </tr> <tr>
+              <td >sign-schema</td>
+              <td>string</td> 
 	  <td>"tls-ev"</td> <td>As "tls", and, additionally, the
 	  site certificate has an extended validation field and
 	  the browser's internal policy allows that information to
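Review bot: The removed cells carried rowspan="4", but only three sign-schema rows ("", "tls", "tls-ev") receive the repeated sign-schema and string cells within this hunk; if a fourth value row follows below the visible context, it needs the same two cells or its columns will shift left. Also, "<td >" has a stray space before the closing bracket, and the added rows are indented differently from the thead rows.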
@@ -784,7 +849,7 @@
 	  the following attributes: </p> 
 <table> 
   <caption> 
-    <dfn id="widget-subject-attributes-table">Widget Resource
+    <dfn id="widget-resource-attributes-table">Widget Resource
 	  Attributes Table</dfn></caption> 
       <thead> 
         <tr> <th scope="col">Attribute</th> <th scope="col">Type</th> <th
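Review bot: This table and the Context table in the next hunk both previously carried id="widget-subject-attributes-table", so any existing href="#widget-subject-attributes-table" that was meant for either of them will no longer point at the intended table after the rename. Search for references to that fragment and repoint them to "widget-resource-attributes-table" or "context-attributes-table" as appropriate.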
@@ -844,7 +909,7 @@
 <section class='context-attribute-definitions'>
   <h2>Context Attribute Definitions</h2>
 <table> <caption> <dfn
-	  id="widget-subject-attributes-table">Context
+	  id="context-attributes-table">Context
 	  Attributes Table</dfn></caption> <thead> <tr> <th
 	  scope="col">Attribute</th> <th scope="col">Type</th> <th
 	  scope="col">Value</th> <th scope="col">Comment</th>

Received on Monday, 21 June 2010 12:53:14 UTC