[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: PolicyEvaluatorAdmin
> Hi,
>
> In writing up the description of the IDL, there are a couple of things that
> are disconcerting - they are in areas where we were rushed in Austin and I
> think in the interest of putting up an initial submission that can be
> easily comprehended should be dropped. I will send an email per item.
> === item 1 ===
> PolicyEvaluatorAdmin: This interface is problematic to describe because it
> assumes something about the underlying access control system... it assumes
> that the proprietary administrative interface allows policies to be
> identifyable (in the current spec by name).
> Some ACL based systems do not
> name policy which makes this interface useless for the intended purpose.
I would suggest that those systems that do not identify/use separate policies,
they just ignore the policy name.
> In addition, it begs the question of how a healthcare software vendors
> product would understand how to select an appropropriate policy from a list
> of named policies provided by HRAC.
What product? An ADO client?
>
> My proposal: I would like to remove this interface from the initial
> submission and revisit the entire subject of how to allow an application to
> define the access policy for a dynamically created resource for the final
> submission.
I suggest to leave it the way it is now and see what other people (i.e. outside
of the submission team) comment on it.
Konstantin
----------------
Broadcast message to hrac-rfp from Konstantin Beznosov <beznosov@baptisthealth.net>.
Go to http://cadse.cs.fiu.edu/omg/hrac-rfp to browse the mail list archive.