W3C home > Mailing lists > Public > public-dap-commits@w3.org > June 2010

2009/dap/policy Profile.html,1.13,1.14

From: Dominique Hazael-Massieux via cvs-syncmail <cvsmail@w3.org>
Date: Mon, 21 Jun 2010 13:43:13 +0000
To: public-dap-commits@w3.org
Message-Id: <E1OQhHN-0003Fy-Vo@lionel-hutz.w3.org>
Update of /sources/public/2009/dap/policy
In directory hutz:/tmp/cvs-serv12503

Modified Files:
	Profile.html 
Log Message:
removed (some of) the abusive <code> wrappers


Index: Profile.html
===================================================================
RCS file: /sources/public/2009/dap/policy/Profile.html,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -d -r1.13 -r1.14
--- Profile.html	21 Jun 2010 13:35:37 -0000	1.13
+++ Profile.html	21 Jun 2010 13:43:11 -0000	1.14
@@ -47,7 +47,7 @@
       <section id="values-and-types">
 	<h3>Values and Types</h3>
 	  <p>Each value in an expression is conceptually a
-	  <code>bag</code> of potentially multiple simple values. The
+	  bag of potentially multiple simple values. The
 	  bag can be empty, containing no simple values. In
 	  practice almost every value encountered in the model is
 	  either an empty bag or a bag containing a single simple
@@ -152,10 +152,10 @@
       </section> <!-- subject-specification -->
   <section id="target">
 	<h3>Target</h3>
-	  <p>The <code>target</code> of a <code>policy</code> or
-	  <code>policy set</code> identifies the set of
-	  <code>subjects</code> to which the <code>policy</code> or
-	  <code>policy set</code> applies. </p> 
+	  <p>The <code>target</code> of a policy or
+	  policy set identifies the set of
+	  subjects to which the policy or
+	  policy set applies. </p> 
       <p>The <code>target</code>
 	  consists of a disjunctive sequence of <code>subject</code>
 	  specifications. A target specification is
@@ -173,13 +173,13 @@
   </section> <!-- target -->
   <section id="decision">
 	<h3>Decision</h3>
-	  <p>If determined, the result of a <code>rule</code> or
-	  <code>policy</code> or <code>policy set</code> is a
-	  <code>decision</code>, either “not applicable” or any one of
-	  the <a href="#effect"><code>effects</code></a> “permit”,
-	  “prompt-blanket”, “prompt-session”, “prompt-oneshot” or
-	  “deny”. </p> <p> The result of a <code>rule</code> or
-	  <code>policy</code> or <code>policy set</code> may be
+	  <p>If determined, the result of a rule or
+	  policy or policy set is a
+	  decision, either “not applicable” or any one of
+	  the <a href="#effect">effects</a> “<code>permit</code>”,
+	  “<code>prompt-blanket</code>”, “<code>prompt-session</code>”, “<code>prompt-oneshot</code>” or
+	  “<code>deny</code>”. </p> <p> The result of a rule or
+	  policy or policy set may be
 	  undetermined under conditions specified for each below.
 	  </p>
   </section> <!-- decision -->
@@ -234,8 +234,8 @@
 	  <code>policy</code> optionally has an id. If an
 	  implementation provides a means to provision a security
 	  policy fragment to replace an existing one, this id can
-	  be used to identify the <code>policy</code> or <code>policy
-	  set</code> to replace. No management of ids is mandated,
+	  be used to identify the policy or policy
+	  set to replace. No management of ids is mandated,
 	  therefore it is recommended that a standardised textual
 	  representation of a UUID should be used as the id. </p>
 	  <p> The result of a policy is determined if and only if
@@ -243,12 +243,12 @@
   </section> <!-- policy -->
   <section id="policy-set">
 	<h3>Policy Set</h3>
-	  <p>The overall security framework is a <code>policy
-	  set</code>. </p> <p> A <code>policy set</code> is a target
+	  <p>The overall security framework is a policy
+	  set. </p> <p> A <code>policy-set</code> is a target
 	  with a list of zero or more <code>policies</code> and
 	  <code>policy sets</code> combined using a <a
-	  href="#combining-algorithm"><code>policy-combining
-	  algorithm</code></a>. Where a directive attribute query
+	  href="#combining-algorithm">policy-combining
+	  algorithm</a>. Where a directive attribute query
 	  finds more than one applicable directive attribute set,
 	  the first one is used. </p> <p> A <code>policy set</code>
 	  optionally has an id. If an implementation provides a
@@ -267,16 +267,16 @@
 	  fragment of policy to add to the existing security
 	  policy framework or to replace a part of it, the
 	  <code>policy document</code> is the unit of addition or
-	  replacement. A <code>policy document</code> can be either a
-	  <code>policy</code> or a <code>policy set</code>. </p>
+	  replacement. A policy document can be either a
+	  <code>policy</code> or a <code>policy-set</code>. </p>
 		</section> <!-- policy-document -->
   <section id="signed-policy-document">
 	<h3>Signed Policy Document</h3>
 	  <p>Where the implementation supports deployment of
-	  policy fragments as above, the <code>signed policy
-	  document</code> is the cryptographically signed unit of
-	  deployment. It contains one or more <code>policy
-	  documents</code> as well as a single signature. </p>
+	  policy fragments as above, the signed policy
+	  documentx is the cryptographically signed unit of
+	  deployment. It contains one or more policy
+	  documents as well as a single signature. </p>
   </section> <!-- signed-policy-document -->
   <section id="matching-function">
 	<h3>Matching Function</h3>
@@ -380,26 +380,26 @@
   </section> <!-- modifier-function -->
   <section id="combining-algorithm">
 	<h3>Combining Algorithm</h3>
-	  <p>The <code>policy-combining algorithm</code> for a
-	  <code>policy set</code> determines how child
-	  <code>policies</code> and <code>policy sets</code> are combined.
-	  </p> <p>The <code>rule-combining algorithm</code> for a
-	  <code>policy</code> determines how child <code>rules</code> are
+	  <p>The policy-combining algorithm for a
+	  policy set determines how child
+	  policies and policy sets are combined.
+	  </p> <p>The rule-combining algorithm for a
+	  policy determines how child rules are
 	  combined. </p> <p>The algorithms are described in the
-	  following subsections. The term <code>child</code> is used
-	  to mean the child <code>rules</code> in the <code>policy</code>
-	  when applying the <code>policy's rule-combining
-	  algorithm</code>, or the child <code>policies</code> and
-	  <code>policy sets</code> in the <code>policy set</code> when
-	  applying the <code>policy set's policy-combining
-	  algorithm</code>. </p>
+	  following subsections. The term “child” is used
+	  to mean the child rules in the policy
+	  when applying the policy's rule-combining
+	  algorithm, or the child policies and
+	  policy sets in the policy set when
+	  applying the policy set's policy-combining
+	  algorithm. </p>
 	  <section id="deny-overrides-combining-algorithm">
 	    <h4>Deny-Overrides Combining Algorithm</h4>
 	      <p>The Deny-Overrides Combining Algorithm is usable as a
 	      policy-combining algorithm and as a rule-combining
 	      algorithm. </p> 
           <p>The overall result of a
-	      <code>query</code> is evaluated as follows:</p>
+	      query is evaluated as follows:</p>
           <ul> 
             <li>if any
 	      child evaluates to "deny", then the overall result is
@@ -427,7 +427,7 @@
 	    <h4>Permit-Overrides Combining Algorithm</h4>
 	      <p>The Permit-Overrides Combining Algorithm is usable as
 	      a policy-combining algorithm and as a rule-combining
-	      algorithm. The overall result of a <code>query</code> is
+	      algorithm. The overall result of a query is
 	      evaluated as follows:</p>
           <ul> 
             <li>if any child evaluates to
@@ -490,16 +490,16 @@
   </section> <!-- combining-algorithm -->
   <section id="effect">
 	<h3>Effect</h3>
-	  <p>The <code>effect</code> of a <code>rule</code> is one of the
+	  <p>The effectx of a <code>rule</code> is one of the
 	  following: </p>
 	  <section id="permit">
 	    <h4>Permit</h4>
-	      <p>This <code>effect</code> allows requested access without
+	      <p>This effect allows requested access without
 	      user interaction. </p>
 	  </section> <!-- permit -->
 	  <section id="deny">
 	    <h4>Deny</h4>
-	      <p>This <code>effect</code> denies requested access without
+	      <p>This effect denies requested access without
 	      user interaction. </p>
 	  </section> <!-- deny -->
 	  <section id="prompt-x">
@@ -511,7 +511,7 @@
           <p>The implementation MUST only
 	      provide the 
 	      user the option to grant permission up to the maximum
-	      allowed by the <code>effect</code>, ie: </p>
+	      allowed by the effect, ie: </p>
           <ul>
 	      <li>prompt-oneshot: "deny always", "deny this time",
 	      "allow this time";</li>
@@ -542,20 +542,20 @@
   </section> <!-- effect -->
   <section id="query">
 	<h3>Query</h3>
-	  <p>A <code>query</code> represents a specific instance of a
+	  <p>A query represents a specific instance of a
 	  security policy being evaluated in order to make an
 	  access control decision relating to an attempted
-	  operation by a web application. </p> <p>A <code>query</code>
-	  is characterised by the collection of <code>subject
-	  attributes</code> associated with the web application
-	  instance, the collection of <code>resource attributes</code>
+	  operation by a web application. </p> <p>A query
+	  is characterised by the collection of subject
+	  attributes associated with the web application
+	  instance, the collection of resource attributes
 	  associated with the attempted operation, and the
-	  collection of <code>environment attributes</code> associated
+	  collection of environment attributes associated
 	  with the circumstances of the attempt. The
 	  determinedness of each of these attributes is in
-	  accordance with the <code>execution phase</code> of the
-	  attempt. </p> <p>A <code>query</code> is evaluated against a
-	  <code>policy-set</code>, resulting in a <code>decision</code> in
+	  accordance with the execution phase of the
+	  attempt. </p> <p>A query is evaluated against a
+	  <code>policy-set</code>, resulting in a decision in
 	  accordance with the evaluation rules defined in this
 	  specification. </p>
   </section> <!-- query -->
Received on Monday, 21 June 2010 13:43:15 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 21 June 2010 13:43:15 GMT