[UCR] Response to straw poll comments on Section 2.4 from Paula-Lavinia Patranjan on 2006-02-24 (public-rif-wg@w3.org from February 2006)

From: Paula-Lavinia Patranjan <paula.patranjan@ifi.lmu.de>
Date: Fri, 24 Feb 2006 16:33:05 +0100
To: public-rif-wg@w3.org
Message-ID: <43FF2731.5020800@ifi.lmu.de>

Hi,

As response to the straw poll comments on the Section 2.4 'Policy-Based
Transaction Authorization and Access Control', a new version of the
section is now available:
http://www.w3.org/2005/rules/wg/wiki/UCR/Policy-Based_Transaction_Authorization_and_Access_Control

Just the first and last paragraphs remained unchanged. Short responses
to the received comments follow.

1. James, Mala
http://lists.w3.org/Archives/Public/public-rif-wg/2006Feb/0184.html
and Christian
http://lists.w3.org/Archives/Public/public-rif-wg/2006Feb/0230.html
refer to the necessity of concentrating on the interchange of rules in
the presented scenario.

>The section concentrated more on the steps of a negotiation scenario,
however the new version of the section stresses the fact that policies
are rules and that they are interchanged during negotiation depending on
the current level of trust that the systems have on each other. Also, it
is explicitly stated in the scenario that the involved systems might use
different rule languages and/or engines for evaluating (own and
imported) policies. I think the current version explicitly states the
need of RIF.

2. Gary's comment refers to the fact that the style of writing example
rules is not a common one; Igor's comment refers to the fact that the
rules do not have a formal representation.

> The style of writing rules in the current version is at least
uniform, some of them were explicitly given. Moreover, different
choices exist for implementing policy rules; choosing the type of rules
for implementing policies depends also on the capabilities the system
has. (This is explicitly stated in the new version.) That is why no
formal representation is given here.

3. Deborah's comment refers to the need of a common data model

> This comment is somehow related to 2. I think the level of
abstraction for the example rules is suitable for the whole section on
use cases, the section shows the need of a rule interchange format,
gives flavour of the kinds of rules and their requirements on RIF. For
more details we have the original use cases submitted by the RIF
participants. Moreover, providing a data model and formal representation
of rules would have as consequence a lengthy UCR document...I'm not sure
we want this at this stage.

4. Jos' comment refers to the fact that the description is too
elaborate, not concise enough

> The negotiation process in the new version is described in a more
precise manner. Some of the policy rules were given in an explicit way
and the whole scenario stresses the interchange of rules and leaves some
parts of the story out, thus concentrating on the important parts for
RIF. I think this version is clearly an improved one in the sense of 4.

5. Jos' note on connection with P3P

> Not taken into account. I don't think making such kind of connections
explicit would have an impact on the interchange aspect in the use case.

Best regards,
Paula

Received on Friday, 24 February 2006 15:33:14 UTC