W3C home > Mailing lists > Public > public-rif-wg@w3.org > February 2006

[UCR] Response to straw poll comments on Section 2.4

From: Paula-Lavinia Patranjan <paula.patranjan@ifi.lmu.de>
Date: Fri, 24 Feb 2006 16:33:05 +0100
Message-ID: <43FF2731.5020800@ifi.lmu.de>
To: public-rif-wg@w3.org

As response to the straw poll comments on the Section 2.4 'Policy-Based 
Transaction Authorization and Access Control', a new version of the 
section is now available:

Just the first and last paragraphs remained unchanged. Short responses 
to the received comments follow.

1. James, Mala
and Christian
refer to the necessity of concentrating on the interchange of rules in 
the presented scenario.

 >The section concentrated more on the steps of a negotiation scenario, 
however the new version of the section stresses the fact that policies 
are rules and that they are interchanged during negotiation depending on 
the current level of trust that the systems have on each other. Also, it 
is explicitly stated in the scenario that the involved systems might use 
different rule languages and/or engines for evaluating (own and 
imported) policies. I think the current version explicitly states the 
need of RIF.

2. Gary's comment refers to the fact that the style of writing example 
rules is not a common one; Igor's comment refers to the fact that the 
rules do not have a formal representation.

 > The style of writing rules in the current version is at least 
uniform, some of them were explicitly given.  Moreover, different 
choices exist for implementing policy rules; choosing the type of rules 
for implementing policies depends also on the capabilities  the system 
has. (This is explicitly stated in the new version.) That is why no 
formal representation is given here.

3. Deborah's comment refers to the need of a common data model

 > This comment is somehow related to 2. I think the level of 
abstraction for the example rules is suitable for the whole section on 
use cases, the section shows the need of a rule interchange format, 
gives flavour of the kinds of rules and their requirements on RIF. For 
more details we have the original use cases submitted by the RIF 
participants. Moreover, providing a data model and formal representation 
of rules would have as consequence a lengthy UCR document...I'm not sure 
we want this at this stage.

4. Jos' comment refers to the fact that the description is too 
elaborate, not concise enough

 > The negotiation process in the new version is described in a more 
precise manner. Some of the policy rules were given in an explicit way 
and the whole scenario stresses the interchange of rules and leaves some 
parts of the story out, thus concentrating on the important parts for 
RIF. I think this version is clearly an improved one in the sense of 4.

5. Jos' note on connection with P3P

 > Not taken into account. I don't think making such kind of connections 
explicit would have an impact on the interchange aspect in the use case.

Best regards,

Received on Friday, 24 February 2006 15:33:14 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:47:37 UTC