2009/dap/policy Overview.html,1.6,1.7

Update of /sources/public/2009/dap/policy
In directory hutz:/tmp/cvs-serv22428

Modified Files:
	Overview.html 
Log Message:
References (XACML20, SUS3)

Index: Overview.html
===================================================================
RCS file: /sources/public/2009/dap/policy/Overview.html,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -d -r1.6 -r1.7
--- Overview.html	9 Apr 2010 15:28:15 -0000	1.6
+++ Overview.html	9 Apr 2010 16:12:37 -0000	1.7
@@ -65,11 +65,10 @@
     </p> <p>
       This model is defined using concepts,
       terminology and semantics from the eXtensible Access Control Markup Language
-      [[!XACML]] framework. DAP policies are capable of
+      [[!XACML20]] framework. DAP policies are capable of
       representation in a compact XML format (and other formats, including a compact
       binary representation if necessary).
-    </p> <p class="issue"> XACML MISSING REF ENTRY. OASIS eXtensible
-  Access Control Markup Language (XACML) Version 2.0 </p> <p>
+    </p> <p>
       It is intended that DAP policies are also eventually capable of representation
       in XACML, using a specific dictionary of attributes and a subset of XACML
       elements; however this is not currently possible without defining a number of
@@ -171,11 +170,11 @@
       The access control system itself consists of a number of logically distinct
       elements. <!-- Specific DAP requirements and interfaces are specified in terms of
       these separate functional components. --> This logical breakdown and associated
-      terminology is adopted from  XACML [[!XACML]] and illustrated below.
+      terminology is adopted from  XACML [[!XACML20]] and illustrated below.
     </p>
     <!-- ILLUSTRATION XACML DATAFLOW -->
     <object type="image/svg+xml" data="XACMLdataflow.svg">
- <img src="XACMLdataflow.png" alt="graphical representation of the XACML data flow" title="DAP security model, derived from XACML [[!XACML]] Specification Schema" width="500" height="500"/> </object>
+ <img src="XACMLdataflow.png" alt="graphical representation of the XACML data flow" title="DAP security model, derived from XACML Specification Schema" width="700" height="700"/> </object>
     <p>
       The specified functional components are as follows:
       <ul>
@@ -252,11 +251,11 @@
       <li><p>it provides a way of ensuring that the correct precedence is applied when processing rules. This makes some rules easier to write because their applicability is more narrowly scoped by their enclosing policy. More significantly, it ensures that security requirements determined by one authority are not wrongly overridden by rules provided by a subordinate authority.</p></li>
     </ul>
     <p>
-      Simplistically, each rule is specified by defining a <strong><em><a href=#condition>condition</a></em></strong>, which is a set of statements which must be satisfied in order for that particular rule to apply, and an <strong><em><a href=#effect>effect</a></em></strong> which represents the rule’s outcome – ie whether that rule indicates that the access request should be permitted or not. 
+      Simplistically, each rule is specified by defining a <strong><em><a href=#condition>condition</a></em></strong>, which is a set of statements which must be satisfied in order for that particular rule to apply, and an <strong><em><a href=#effect>effect</a></em></strong> which represents the rule's outcome – ie whether that rule indicates that the access request should be permitted or not. 
     </p>
     <!-- ILLUSTRATION POLICY LANGUAGE MODEL -->
     <object type="image/svg+xml" data="languagemodel.svg">
- <img src="languagemodel.png" alt="graphical representation of the XACML policy language model" title="DAP policy language model, derived from XACML [[!XACML]] Specification Schema" width="250" /> </object>
+ <img src="languagemodel.png" alt="graphical representation of the XACML policy language model" title="DAP policy language model, derived from XACML  Specification Schema" width="250" /> </object>
     </section> <!-- access control policy structure -->
     <section id=rule-processing>
     <h3>Rule Processing</h3>
@@ -285,8 +284,7 @@
   framework. This includes definitions of each of the entities involved in the
   definition of an access control policy, and a definition of the attributes of
   each entity that are recognised and are required to be supported. This
-  specification uses [[!XACML]]. </p> <p class="issue"> XACML MISSING REF ENTRY. OASIS eXtensible
-  Access Control Markup Language (XACML) Version 2.0 </p> 
+  specification uses [[!XACML20]]. </p>
       <section id="application-execution-phases">
 	<h3>Application Execution Phases</h3>
 	  <p>The <em>execution</em> phase of a web application
@@ -770,10 +768,9 @@
 	      If either input is the empty bag, the result is false.
 	      An input of type other than empty bag or string bag is
 	      converted to string bag first. </p> <p>A glob pattern is
-	      as described in [[!SUSv3]] section 2.13 Pattern Matching Notation
+	      as described in [[!SUS3]] section 2.13 Pattern Matching Notation
 	      but excluding 2.13.3 Patterns Used for Filename
-	      Expansion. </p> <p class="issue"> XACML MISSING REF ENTRY.http://www.unix.org/single_unix_specification/
-	      </p> <!-- Shell & Utilities Volume of the SUSv3 spec --><p>Using this function with a glob
+	      Expansion. </p> <!-- Shell & Utilities Volume of the SUSv3 spec --><p>Using this function with a glob
 	      pattern of “*” (a single asterisk) is a convenient way
 	      to test whether the first input is not an empty bag.
 	      </p>

Received on Friday, 9 April 2010 16:12:40 UTC