
Subject: Re: [xacml] List of pending issues (backlog)?



Note to everyone: Cyril's original message went to my spam folder and it seems to be
a common experience. Mark it as not spam if you see the same thing.

Hi Cyril,

On 20/07/2023 9:53 am, DANGERVILLE Cyril wrote:
Hello all,

I have (re)joined the XACML TC recently, and as I have a few issues to add to the TC’s “backlog” for later discussion, I am looking for a place in the TC workspace where you keep track of pending issues. Is there such a place?

I’ve seen the “Wishlist” page on the wiki but it seems quite old.

That page would be the place. We have been remiss in keeping it up to date. Feel free
to refresh it.

To give an idea, some issues of interest to me:

1) Changes to XACML core spec:

a. Backward-compatible / non-breaking changes:

i. Add <VariableReference> as third choice in Target <Match> (in addition to AttributeDesignator, AttributeSelector)

I would like to go further and let the Target have a full Expression. The difference
between Target and Condition is supposedly to facilitate policy (set) indexing.
However, I've found that some functions allowed in a target are impractical to index
while many things allowed in a Condition, but not in a Target, are eminently indexable.
I actually build indexes over both the Target and Condition so the difference between
their expressiveness is more a hindrance than a help.

ii. Add <VariableDefinition>s as optional elements in <PolicySet> and <Rule> (like in <Policy>)

Yes for PolicySet. It does raise the question of the scope of the variable definition.
Does it only apply to embedded policy sets, policies and rules, or does it also apply
to referenced policy sets and policies? I don't mind whether rules have variable
definitions.

More generally I would like to have the option of variable definitions as free-floating
global constructs that can be referenced from any rule, policy or policy set, perhaps
with a top-level import statement in the rule, policy or policy set to signal the
dependency and enable the referencing.

iii. Support JsonPath evaluation in <AttributeDesignator>, by adding optional attribute “contentType” (for example) = “JSON” or “XML” (“XML” is the default value), to indicate whether the <Content> must be processed as “JSON” object instead of XML, and the “Path” handled as JsonPath according to this draft RFC: https://datatracker.ietf.org/doc/draft-ietf-jsonpath-base/. For this one, it may be safer to wait for it to become an IETF standard. But it’s good to anticipate.

Obviously you mean <AttributeSelector>. Since we now have a JSON profile, providing
support for JSONPath makes sense.

b. Breaking/non-backward-compatible changes to XACML core spec, therefore to be considered rather for XACML 4.0:

i. XSD simplification: replace Obligation/Advice(Expression) elements with one PepAction(Expression) element and an XML attribute required=“true” (for Obligation) or “false” (for Advice)

Yes. It would save duplicating code to process two things that are almost, but not
quite, the same structure.

It could be done in XACML 3.0 by adding an Optional attribute to Obligation and
deprecating the use of Advice.

2) New profiles:

a. YAML Profile of XACML: for writing XACML policies in YAML.

I don't object to a YAML representation for policies, but I would prefer to see a JSON
representation first (or at the same time).

Regards,
Steven


Kind regards,

Cyril

*From:* xacml@lists.oasis-open.org <xacml@lists.oasis-open.org> *On Behalf Of* William Parducci
*Sent:* Wednesday, 19 July 2023 00:54
*To:* XACML TC <xacml@lists.oasis-open.org>
*Subject:* [xacml] Proposed Agenda 19 July, 2023 TC Meeting

Time: 4:30 PM EDT (UTC-4)

Tel: 1-267-807-9601
Access Code: 620-103-760

Proposed agenda 25 May 2023 TC meeting

I. Roll Call & Minutes
  Approve Minutes 25 May 2023 TC Meeting
https://lists.oasis-open.org/archives/xacml/202305/msg00005.html <https://lists.oasis-open.org/archives/xacml/202303/msg00004.html>

II. Administrivia

  Home Page clean-up

https://www.oasis-open.org/committees/tc_home.php?wg_abbrev=xacml

  OASIS event announcements

https://lists.oasis-open.org/archives/xacml/202307/msg00000.html

III. Issues
  Separation of Duties

b



