RE: Policy framework (was: [Policy] [ACTION-152] Editor Updates to Policy Requirements and Policy Framework) from David Rogers on 2010-04-13 (public-device-apis@w3.org from April 2010)

From: David Rogers <david.rogers@omtp.org>
Date: Tue, 13 Apr 2010 22:27:25 +0100
To: "Dominique Hazael-Massieux" <dom@w3.org>, "W3C Device APIs and Policy WG" <public-device-apis@w3.org>
Message-ID: <4C83800CE03F754ABA6BA928A6D94A0602122111@exch-be14.exchange.local>

Hi Dom,

Don't worry about the size for now - what we agreed in the F2F that the BONDI & Nokia documents would be merged and the other items included. Once we have an overall view on this, we will split the work up appropriately (for example - separation of threats work etc.). I would like to get the Nokia policy work included and the other items that were raised before we split up the doc.

Cheers,


David.

-----Original Message-----
From: public-device-apis-request@w3.org [mailto:public-device-apis-request@w3.org] On Behalf Of Dominique Hazael-Massieux
Sent: 13 April 2010 16:15
To: W3C Device APIs and Policy WG
Subject: Policy framework (was: [Policy] [ACTION-152] Editor Updates to Policy Requirements and Policy Framework)

Le jeudi 08 avril 2010 à 18:58 +0200, Arribas, Laura, VF-Group a écrit :
> Please have a look at the current *draft* [1] and share any comments you may
> have.

I took a pass the fixing the examples in section 5 [2] to make them XML
well-formed (although there is an XML namespace prefix used in the
example and in the spec, "param:", for which I couldn't find an
associated namespace declaration).

I'm not very comfortable with the very large scope of that document; it
defines:
* a rules language (derived from but not exactly the same as XACML),
* an identity model,
* an environment model,
* a capabilities model,
* a policy-decision model,
each of which could be a spec of its own, requiring a non-negligible
amount of work.

I've tried to look at the reference implementation of the policy
framework in BONDI to get an idea of the work needed to implement all of
this, but have failed to find it so far; could someone point me to it?

(at a purely editorial level, I'm hoping we're not going to call this
the "DAP security" model/framework — I think this comes from a global
replace of "BONDI" with "DAP" in the submitted document, but I don't
think this works well as a name)

Thanks,

Dom

> [1] http://dev.w3.org/2009/dap/policy/Overview.html

2.
http://dev.w3.org/2009/dap/policy/Overview.html#example-abuse-policies

Received on Tuesday, 13 April 2010 21:28:00 UTC