Comments on PrimeLife Policy Requirements

Some comments and feedback on the PrimeLife "Requirements for Next  
Generation Policies" [1] which, overall, is a good body of work in  
policy requirements.

Chapter 2 - Scenarios:

1 - The individual use cases vary in detail and approach. Perhaps  
choose a standard template for Use Cases (actors, data flows etc) and  
apply to them all.

2 - Is there a policy that drives UC4.1?

3 - In UC 4.9 are you stating that if I delete my Social Network  
account, all my comments on my friends' photos are also removed?

4 - UC5.2 s/whine/wine/

5 - Some Use Cases (e.g. UC7.3 and 7.4) end with a list of Requirements,  
which are not necessarily reflected in Chapter 4.

Chapter 4 - Requirements:

1 - RG13 (I mentioned this on the last teleconf) The strong like that  
a policy language should be semantically compatible with P3P needs to  
be justified/verified.

2 - R116 Policy matching should not just be dependent on sharing the  
same tree structure.

3 - R131 is not really needed (and incomplete?) as there is R144 and  
R145 etc.

4 - R140 is this the same as R122?

5 - Some of the requirements in Section 4.2.2 (Access Control) could  
just as well fit in the parent section (4.2), such as R222, R227, R230  

6 - Is R225 captured in R113?

7 - Is R324 captured by R230?

8 - R121 was not too clear. An example would be good.

99 - The numbering of the Requirements is confusing ;-)

It would also be very useful to link between the Use Cases and  
Requirements. Perhaps add the relevant Requirements to each Use Case  
to ascertain relevance and coverage. For example, what Use Case  
captures the need for R142?

Cheers...  Renato Iannella

[1] < 

Received on Tuesday, 31 March 2009 05:19:12 UTC