Updated Policy Requirements Editors Draft

I have updated the Policy Requirements Editors Draft based on our  
discussion at the F2F:


This should complete ACTION-49

Please review and indicate any additional changes needed.

regards, Frederick

Frederick Hirsch


(1) Introduction

Added paragraph that is applicable to both widgets and web applications

(2) Definitions

Changed names of definitions, added Implicit Consent definition.  
Removed material from definitions to focus, updated Feature definition  
using BONDI definition.

(3) Added new section 3, use cases based on Paddy's examples (used  

(4) 6.1  User Control over Decisions

added requirement and corresponding discussion in rationale section:

"The security policy framework SHOULD be able to record security  
configuration choices and interactive policy decisions using the  
policy markup language format."

(5) 6.2 Rationale
made normative since it has normative statements
integrated implicit consent material into discussion
Added "Modal security prompts SHOULD be avoided."
removed paragraph re DAP being minimally prescriptive since text talks  
about different API approaches.

(6) 6.3 Issues
Removed "Application control vs user agent control" since implicit  
consent integrated into 6.2

(7) 7 Identification
removed requirement that Capabilities be defined using IRIs, added  
"Capabilities MUST be identified by strings associated with API  
definitions produced by the DAP WG."

added requirement:
Features MUST be identified by IRI.
(removed associated issue, since we discussed at F2F)

(8) 8 Access Control.
Added new section.

(9) moved out of scope section to the end.

Received on Tuesday, 10 November 2009 17:06:46 UTC