Sounds like right now GT is passin just the operation without qualifier. I believe the right thing to do here is leave it as operation name for now, but indicate it should include the namespace in future version of the protocol. Von David Chadwick writes (20:04 May 18, 2005):
Von Welch wrote:
4. 6.1.4 Action Elements - I think it would be better to define the string representation more specific. The QName of the operation would be better.
Let me ask our implementors and see what they have done.
From the PDP side of things, we will accept any string, and this string will be contained in the Authz policy governing access to the resource (e.g. it could be read, write, delete etc.) But the PDP does not actually care how the string was obtained or what it means, since it simply compares a presented value with a value in the policy.
But clearly from a user's perspective the string must mean something, and from the PEP's perspective it needs to know where to get the string from to pass to the PDP. Therefore a sensible meaning would indeed be the name of the operation being requested by the user.
Note that in version 2 of the protocol we are planning to pass operation arguements as well, so it might be better to state that what will be passed (in v2) is the name of the operation and its arguments.
regards
David
Von
Hope it isn't late, Takuya Mori
---- Takuya Mori
--
***************************************************************** PLEASE NOTE NEW CONTACT DETAILS AS OF 1 JAN 2005
David W. Chadwick, BSc PhD Professor of Information Systems Security The Computing Laboratory, University of Kent, Canterbury, CT2 7NZ Tel: +44 1227 82 3221 Fax +44 1227 762 811 Mobile: +44 77 96 44 7184 Email: D.W.Chadwick@kent.ac.uk Home Page: http://www.cs.kent.ac.uk/people/staff/dwc8/index.html Research Web site: http://sec.cs.kent.ac.uk Entrust key validation string: MLJ9-DU5T-HV8J PGP Key ID is 0xBC238DE5
*****************************************************************