Issue 3178: RAD FTF Issues document (rad-ftf) Source: SAP AG (Mr. David Frankel, david.frankel@sap.com) Nature: Uncategorized Issue Severity: Summary: Due to very scetchy issue descriptions the document will be handled as 1 issue. The complete doc can be found in the issues archive Resolution: Revised Text: Page: 9 [dsf1][Errata] There doesn’t seem to be any such document on the OMG server. Reply: This comment is in reference to document 99-02-29, which does not exist in drafted Adopted Specification. Page: 10 [dsf2][FTF] Missing word Reply: This comment is in reference to an rfp requirement found in section 1.7.1 which does not exist in draft Adopted Specification. Page: 10 [dsf3][FTF] Missing word Reply: This comment is in reference to a paragraph about future specifications found in section 1.7.1 which does not exist in draft Adopted Specification. Page: 11 [dsf4][Errata] Remove: not appropriate for final submission Reply: This comment is in reference to a response to “How new CORBAMed specifications will employ the submitted specification” which does not exist in draft Adopted Specification. Page: 12 [dsf5][Errata] Remove: not appropriate for final submission Reply: This comment is in reference to “Mechanisms provided for extensibility” which does not exist in draft Adopted Specification. Page: 16 [dsf6][Errata] Ditto Reply: The following comment is found under DynamicAttributeService “The submitters plan to include standard administrative interfaces for this facility in the revised submission.” This comment was deleted in the draft Adopted Specification. Page: 17 [dsf7][FTF] Grammar Reply: KB Fixed. Grammar error found in the text portion of the Access Decision Model. Page: 17 [dsf8] It isn't clear what the notation in these two diagrams is. They don't seem to be officially any of the standard UML diagrams. This makes some things unclear. For instance, there are three consults lines coming from Access Decsion. Do the consultations need to occur in any particular order? The text says that the Decision Combinator's decision is what finally returns to the client, but other than that the ordering (or whether an order is required) isn’t clear. Reply: This is issue 3178A. This comment is in reference to the text in the Access Decision Model, which can be found in section 1.2.1 of the draft Adopted Specification, page 1-4. Page: 19 [dsf9][Errata] Although PolicyEvaluatorLocatorAdmin is referenced many times in the text of this document, including the table of contents, it is just a forward reference in this document’s IDL and does not appear at all in the revised IDL (99-05-01).Not all instances of this were fixed. Reply: KB fixed. Page: 19 [dsf10]Why is this discussion under the administrative model rather than the access decision model? Reply: This is issue 3178B. This comment is found at the end of the following sentence: “This combinator is responsible for taking the results of the PolicyEvaluators evaluate() method and making a final access decision“ This can be located in section 1.2.2 Administrative Model, on page 1-5 of the draft Adopted Specification (3 rd paragraph). Page: 19 [dsf11][FTF] Grammar Reply: KB Fixed. Grammar error found in the 4 th paragraph of the Administrative Model. Page: 20 [dsf12]This UML diagram needs some work: 7 [Errata] By definition, the cardinality of a strong aggregation (black diamonds) on the aggregate side cannot be 1..* or 0..*. It can only be 0..1 or 1..1. 7 [Errata] It shows NO_ACCESS_POLICY being a subtype of PolicyName. It is actually a particular instance of PolicyName. This can be shown in UML 1.1 via a dependency from NO_ACCESS_POLICY to PolicyName with an <<instance>> stereotype. 7 [Errata] The AttributeList typedef would be better shown by a dependency from AttributeList to Security::AttributeList with a <<typedef>> stereotype applied to the dependency. In the diagram it is shown as a navigable association which would mean that AttributeList literally holds a reference to Security::AttributeList. (Note that the <<typedef>> dependency is not a standard UML stereotype--UML has no notion of typedef.) 7 [Errata] ResourceNamePattern is a typedef of ResourceName but in the UML diagram it is shown as a subtype of ResourceName. I recommend handling it similarly to the AttributeList typedef, i.e. making it a dependency from ResourceNamePattern to ResourceName, with a <<typedef>> stereotype applied to the dependency. 7 [Errata] DecisionResultList is shown in the UML diagram but does not occur anywhere else in the document. 7 [Errata] DecisionCombinator and PolicyEvaluator are stereotyped as <<interface>> in the UML Information Model diagram, whereas in the computational model they are stereotyped as <<IDL Interface>>. I recommend stereotyping them both as <<IDL Interface>> because, in UML, <<interface>> is a standard stereotype of Class that restricts the class from having attributes. PolicyEvaluator has attributes. DecisionCombinator does not have attributes, but it nevertheless would be unwise to restrict its evolution unnecessarily. Also, a question arises: Are the multiplicities shown in the diagram normative? For example, consider the relationship between PolicyEvealuatorList and NamedPolicyEvaluator. The multiplicity on the aggregate side is 0..1, meaning that a NamedPolicyEvaluator can exist without being owned by a PolicyEvaluatorList. Is this specification normative? The multiplicity on agregee side is 0..*,meaning a valid PolicyEvaluatorList can be empty. Is this normative? Reply: KB Fixed. This comment is in reference to the Information Model. Yes, it’s normative. Page: 21 [dsf13][Errata] The specification of AccessDecision as a singleton contradicts the 1..* multiplicity on the aggregate side of the relationship between AccessDecisionAdmin and AccessDecision in the UML diagram. If there can only be one instance of AccessDecision, then an AccessDecisionAdmin instance cannot be associated with more than one AccessDecision instance. [Errata] Similarly, specifying PolicyEvaluatorLocator as a singletoncontradicts the multiplicity on the aggregate side of PolicyEvaluatorLocator's relationships with PolicyEvaluatorLocatorBasicAdmin and PolicyEvaluatorLocatorPatternAdmin. [Errata] Also, this section says nothing about which administrative interfaces are singletons. For example: Since AccessDecision is a singleton, and since the UML computatonal model says that an AccessDecision is associated with exactly one AccessDecisionAdmin, this would suggest (but not technically require) that AccessDecisionAdmin is also a singleton. Thinking about the functionality, since what an AccessDecisionAdmin does is encapsulate references to the singleton PolicyEvaluator Locator and to the singleton DynamicAttributeService, logically AccessDecisionAdmin should be a singleton. Reply: KB Fixed. Comment in response to statement found in the Computational Model – “Among runtime interfaces, AccessDecision, PolicyEvaluatorLocator, and DynamicAttributeService are singletons.” This can be found in section 1.2.4, page 1-8 of the draft Adopted Specification. Page: 23 [dsf14][FTF] Grammar. Reply: This grammar error was found in a section referring to “scope of this submission” which does not exist in the draft Adopted Specification. Page: 26 [dsf15][Errata] This seems to imply by omission that value_string is allowed to be empty. If this is so, then it should be reflected in the UML diagram by specifying the multiplicity of value_string attribute as [0..1]. To do this, change "value_string: string" to "value_string [0..1] : string". Note that a multiplicity of [1] or [1..1] is the UML default for attributes. Quoting from the UML notation guide (ad/97-08- 05): Note that a multiplicity of 0..1 provides for the possibility of null values: the absence of a value, as opposed to a particular value from the range. For example, the following declaration permits a dis-tinction between the null value and the empty string: name [0..1]: String Reply: KB Fixed. This comment in reference to definition for ResourceNameComponent – “A datum element of this type is invalid if the name_string member has empty value”. This can be found in section 2.2.2, page 2-5 of the draft Adopted Specification. Page: 26 [dsf16][Errata] Should be ResourceNameComponentList Reply: KB Fixed. Page: 26 [dsf17][Errata] How is valid syntax defined? Reply: KB Fixed. The comment was in response to the definition for ResourceName. KB removed the statement about invalid syntax of ResourceNamingAuthority and added description of the data type. Page: 27 [dsf18]Why is NamedPolicyEvaluator not an interface that subtypes PolicyEvaluator? Why is it done this way, i.e. by containment rather than by subtyping? Is there a need to have the ability to provide the same PolicyEvaluator instance a different name in different contexts? Reply: This is issue 3178C. Comment is referring to the struct NamedPolicyEvaluator in the “Types associated with evaluating Access Policy.” This can be found in section 2.2.3, page 2-6 of the draft Adopted Specification. KB replied: NamedPolicyEvaluator data type is passed as an argument of invocations on DecisionCombinator. It could be an OBV. What do we gain if we make it an OBV instead of a struct? Page: 27 [dsf19][Errata] This contradicts the UML diagram, which says that a PolicyNameList is a composition of 0..* PolicyName instances. To align the UML diagram with this text, the multiplicity should be changed to 1..*. Reply: KB Fixed. This comment is referring to text associated with PolicyNameList. Page: 28 [dsf20]{Errata] Then the UML diagram should show the multiplicity of evaluator_name as [0..1]. Reply: KB Fixed. This comment is referring to text associated with NamedPolicyEvaluator. Page: 28 [dsf21][Errata] No such operation mentioned anywhere else in this document or in the revised IDL. Reply: KB Fixed. Referring to get_policy_evaluators. Page: 28 [dsf22][Errata] This is an operation of PolicyEvaluatorLocatorBasicAdmin, not of PolicyEvaluatorLocatorAdmin which, as previously noted, does not exist. Reply: KB Fixed. Referring to set_default_evaluators. Page: 28 [dsf23][Errata] Which does not exist. These operations are in other interfaces. Reply: KB Fixed. Page: 28 [dsf24][FTF] Replace "method" with "operation". CORBA does not define method. Reply: KB Fixed. Referring to text associated with PolicyEvaluatorList. Page: 29 [dsf25]Call this something other than "ed" to distinguish it from the item in the other exceptions named "ed" which is an ExceptionData. Reply: KB Fixed. Associated with InternalErrorType. Renamed to “it.” Page: 30 [dsf26][Errata] Fatal rather than RadFatal, according to the IDL – references “If the ComponentError is RadFatal, the AccessDecision object must determine if it can continue to process without the component.” [dsf27][Errata] InternalError rathan RadInternalError, according to the IDL. – references “If it cannot, it must throw a RadInternalError.” [dsf28][Errata] Fatal rather than RadFatal, according to the IDL – references “with RadFatal.” Reply: This is issue 3178D. All three of these comments are related to text found under ComponentError in section 2.2.5 Exceptions, on page 2-10 of the draft Adopted Specification. Page: 30 [dsf29][Errata] Spelling of operation name Reply: KB Fixed. Page: 31 [dsf30]Is this a validity rule for all instances of PolicyEvaluatorList? (Note that no validity rules were given for PolicyEvaluatorList.) Reply: In reference to InvalidPolicyNameList found in section 2.2.5 Exceptions, page 2-11 in the draft Adopted Specifications. KB Reply: Not exactly. A duplicate evaluator name may happen when two PolicyEvaluatorLists are associated with the same resource name in such a way that each of them does not have duplicate evaluator name but the union does. So, I’m not sure that if we put this restriction into the definition of PolicyEvaluatorList we can remove it from the description of this exception. Page: 31 [dsf31][FTF] Grammar Reply: KB Fixed. Page: 31 [dsf32][FTF] Grammar Reply: This is issue 3178E. This is in reference to the following sentence under InvalidPolicyEvaluatorList: “first_invalid_element is first named policy evalautor in the invalid list which caused the list to be invalid.” Suggested fix – “ first_invalid_element is the first named policy evaluator in the invalid list which caused the list to be invalid.” This can be found in section 2.2.5 Exceptions, page 2-11 of the draft Adopted Specification. Page: 31 [dsf33][Errata] Instead of "in the invalid list" shouldn't this be "in the PolicyNameList" ? Reply: This is issue 3178F. This comment is in reference to the following sentence under InvalidPolicyNameList: “first_invalid_element is first named policy evaluator in the invalid list which caused the list to be invalid.” This can be found in section 2.2.5 Exceptions, page 2-11 of the draft Adopted Specification. Page: 31 [dsf34][FTF] Grammar Reply: KB Fixed. Page: 31 [dsf35]Why not have an exception specifically for an empty list? Reply: This is issue 3178G. This is in reference to the following sentence under InvalidPolicyEvaluatorList: “If the value of this data member is nil, then the list is invalid not because of a particular element, but because of some other reason (for example, because the list is empty). KB Reply: Carol and Bob, remember we discussed this, and one of you suggested to only have one exception. This is how we removed EmptyPolicyEvaluatorList exception, I believe. Do you guys want it back? This can be found in section 2.2.5 Exceptions, page 2-11 of the draft Adopted Specification. Page: 31 [dsf36][FTF] Grammar Reply: This is issue 3178E. This comment refers to the following sentence found under InvalidPolicyEvaluatorList: “This exception is raised when a policy evalautor list, passed as a part of an operation arguments. This can be found in section 2.2.5 Exceptions, page 2-11. Page: 31 [dsf37][Errata] Spelling of interface name Reply: KB Fixed. Page: 31 [dsf38][Errata] As far as I can see, no specification of what constitutes a valid or invalid datum is provided for PolicyEvaluatorList or for NamedPolicyEveluator, instances of which are members of a PolicyEvaluatorList. Reply: KB Fixed. This comment is in reference to text found in InvalidPolicyEvaluatorList. KB added definition invalidity for PolicyEvaluatorList and for NamedPolicyEvaluator. Page: 31 [dsf39]Same comment as #35 above Reply: This is issue 3178G1. KB replied with the same comment as above. Page: 32 [dsf40][FTF] Elsewhere it was stated that this interface is a singleton. That should be stated here, the site of the primary specification of the interface. Reply: This is issue 3178H. This comment is in reference to the AccessDecision Interface text, which can be found in section 2.3, page 2-12 of the draft Adopted Specification. Page: 32 [dsf41]Note that preconditions such as this one would not have to be repetitively stated for many operations if the definitions of validity were explicitly characterized as invariants. Specification of invariants is a key concept in design by contract. From the standpoint of the computational model (i.e. from the computational viewpoint) invariants constitute universal pre and post conditions for all operations, although not every invariant is directly relevant to every operation. Since this document provides validity criteria for most (it’s missing for a few) of the types, this work (i.e. formal specification of invariants) is mostly done. A few small adjustments would tie this all neatly together: 7 [FTF] Explicitly label the validity rules as invariants. 7 [FTF] Add a statement to the section on pre/postcondition semantics noting that the invariants are considered to be pre and postconditions for all operations. 7 [FTF] Remove the pre and postconditions that thus become redundant. (Note that this document is not consistent in repeating such validity rules as preconditions. For example, the set_evaluators( ) operation of PolicyEvaluationLocatorNameAdmin requires a ResoureName as input, yet does not specify any preconditions.) Reply: This is issue 3178I. This comment is in reference to the preconditions found under access_allowed(). You can find this in section 2.3, on page 2-13 of the draft Adopted Specifications. Page: 33 [dsf42][FTF] Grammar Reply: This is issue 3178G2. This comment is in reference to the following sentence found under postconditions of multiple_access_allowed(): “Where an authorization decision ==authorization decision for the requested operation on the specified resource name by a principal with the specified security attributes. This can be found in section 2.3, on page 2-13 of the draft Adopted Specification. Page: 33 [dsf43][FTF] Elsewhere it was stated that this interface is a singleton. That should be stated here, the site of the primary specification of the interface. Reply: This is issue 3178H2. This comment is in reference to the DynamicAttributeService Interface text, which can be found in section 2.4, page 2-13 of the draft Adopted Specification. Page: 33 [dsf44][FTF] This is stated rather imprecisely. It should say something to the effect that, in addtion to adding new attributes, the orginal attributes can be altered. Reply: This is issue 3178J. This comment is in reference to the following sentence under get_dynamic_attributes(): “In addition, the returned AttributeList may be modified by this service.” This can be found in section 2.4, page 2-14 of the draft Adopted Specification. Page: 33 [dsf45][FTF] Grammar Reply: This is issue 3178G3. This comment is in reference to the following sentence under get_dynamic_attributes(): “The service may add or remove SecAttributes to this list.” This can be found in section 2.4, page 2-14 of the draft Adopted Specification. Page: 34 [dsf46][FTF] Elsewhere it was stated that this interface is a singleton. That should be stated here, the site of the primary specification of the interface. Reply: This is issue 3178H3. This comment is in reference to the PolicyEvaluatorLocator Interface text, which can be found in section 2.5, page 2-14 of the draft Adopted Specification. Page: 34 [dsf47][FTF] Grammar Reply: This is issue 3178G4. This comment is in reference to following sentence found under get_policy_decision_evaluators(): “A PolicyDecisionEvaluators structure, which contains a list of NamedPolicyEvaluator consisting of the names of the PolicyEvaluators and their object references, and the DecisionCombinator object reference for the resource is returned to the client.” This can be found in section 2.5, page 2-15 of the draft Adopted Specification. Page: 34[dsf48][FTF] Oddly phrased. Seems more appropriate for the bulk of this to be re-cast as a postcondition. Reply: This is issue 3178K. This comment is in reference to the following sentence found under get_policy_decision_evaluators(): “A PolicyDecisionEvaluators structure, which contains a list of NamedPolicyEvaluator consisting of the names of the PolicyEvaluators and their object references, and the DecisionCombinator object reference for the resource is returned to the client.” This can be found in section 2.5, page 2-15 of the draft Adopted Specification. Page: 34 [dsf49][FTF] Spelling Reply: KB Fixed. Page: 35 [dsf50]Why is the return binary whereas evaluate( ) returns a ternary? Reply: This comment is in reference to the boolean combine_decisions found in the DecisionCombinator interface, section 2.6, page 2-15 of the draft Adopted Specification. KB Reply – because it is a final decision, which could not have “don’t know” result. Page: 35 [dsf51][FTF] Grammar Reply: This is issue 3178G5. This comment is in reference to the following sentence found in the text directly beneath the DecisionCombinator interface idl: “The DecisionCombinator interface is used to encapsulate the policy for the way that decisions of multiple PolicyEvaluators is combined.” This can be found in section 2.6, page 2-15 of the draft Adopted Specification. Page: 36 [dsf52][Errata] The definition of PolicyEvaluatorList did not specify validity rules Reply: KB Fixed. Page: 36 [dsf53][FTF] It should be possible to state a postcondition here, as is done for the access_allowed( ) and evaluate( ) operations. Reply: This is issue 3178L. This is in reference to the statement that there are no postconditions for combine_decisions. This can be found in section 2.6, page 2-17 of the draft Adopted Specification. Page: 37 [dsf54]Why aren't these four operations modeled as two attributes? Reply: This is issue 3178M. This is in reference to AccessDecisionAdmin interface. KB: Carol or Bob, will you explain? This can be found in section 2.8, page 2-18 of the draft Adopted Specification. Page: 38 [dsf55][FTF] The rules in these two sentences could (and probably should) be framed as postconditions for get_policy_decision_evaluators. Reply: . This is issue 3178K2. This comment is in reference to the following sentence under set_default_evaluators: “Default evaluators are overridden by the add_evaluators() or replace_evaluators() methods. The default evaluators will be returned by the PolicyEvaluatorLocator get_policy_decision_evaluators() method when no PolicyEvaluators have been explicitly assigned for a ResourceName.” This can be found in section 2.8, page 2-20 of the draft Adopted Specification. Page: 38 [dsf56][FTF] This way of specifying the postcondition would be more rigorous if default_evaluators were formally defined as a role of PolicyEvaluationList in a relationship between PolicyEvaluatorLocator and PolicyEvaluationList. The relationship and role could be defined via UML notation or by textual means. This same approach could be applied to many of the postconditions that follow. Reply: This is issue 3178O. This comment is in reference to the postcondition stated under set_default_evaluators, which can be found in section 2.8, page 2-20 of the draft Adopted Specification. Page: 39 [dsf57][FTF] The explanation above of set_default_evaluators( ) stated how the defaults are overridden. For consistency it should be stated here how the default DecisionCombinator is overridden. Reply: This is issue 3178P. This comment is in reference to set_default_combinator, which can be found in section 2.8, page 2-20 of the draft Adopted Specification. Page: 39 [dsf58][FTF] This rule should probably be framed as a postcondition for get_policy_decision_evaluators. Reply: This is issue 3178K3. This comment is in reference to the following sentence found under set_default_combinator: “This combinator will be returned by the PolicyEvaluatorLocator get_policy_decision_evaluators() method for these resources. This can be found in section 2.8, page 2-20 of the draft Adopted Specification. Page: 39 [dsf59][FTF] The declaration that the operation raises this exception appears to be defining how the object behaves when a precondition is not met, which contradicts the policy stated at the outset that such behavior is undefined. (Although "ResourceName is valid" is not stated as a precondition for this operation, this omission is inconsistent, as has already been pointed out, with other operations that require a ResourceName in-parameter. Truly, this validity requirement is a precondition.) Reply: This is issue 3178N. This comment is in reference to InvalidResourceName found in the PolicyEvaluatorLocatorNameAdmin interface, section 2.10, page 2-21 of the draft Adopted Specification. Page: 39 [dsf60][Errata] I believe this should be ResourceName rather than ResourceNamePattern. Ditto for the remainder of the operations in this interface. Reply: This is issue 3178Q. This comment is in reference to the PolicyEvaluatorLocatorNameAdmin interface, which can be found in section 2.10, page 2-21 of the draft Adopted Specification. Page: 43 [dsf61][FTF] Should be singular. Reply: This is issue 3178R. This comment is in reference to ResourceNamePatterns found in the following sentence under the PolicyEvaluatorLocatorPatternAdmin interface: “The PolicyEvaluatorLocatorPatternAdmin object is used to associate PolicyEvaluators with a ResourceNamePatterns.” This is the first sentence under the PolicyEvaluatorLocatorPatternAdmin interface idl in section 2.11, page 2-25 of the draft Adopted Specification. Page: 43 [dsf62]This seems to suggest that in order for a name_string to conform to this second kind, must literally be equal to "*". However, the presentation given to CORBAmed shows that it can contain "*" but not literally be "*". The example in the presentation was something like "Red.*" Reply: This is issue 3178S. This comment is in reference to the following sentence under the second kind of ResourceNameComponent: “MATCHES_AS_GRE – returns “yes” if the string provided by first argument matches another string provided by second argument, where the second string is interpreted according to regular expression syntax specified in the definition of ResourceNamePattern type on Page Error! Bookmark not defined., otherwise “no.” This can be found in section 2.11, page 2-26 of the draft Adopted Specification. Page: 43 [dsf63]Same comment as previous--value_string doesn't have to literally be equal to "*". Reply: I cannot locate this comment in the document. Page: 44 [dsf64][Errata] Despite the helpful diagram, the pattern matching logic is hard to comprehend. I feel it imperative that several concrete examples be provided. Reply: This is issue 3178T. This comment is in reference to the following paragraph found under the PolicyEvaluatorLocatorPatternAdmin interface: “MATCHES_AS_GRE – returns “yes” if the string provided by first argument matches another string provided by second argument, where the second string is interpreted according to regular expression syntax specified in the definition of ResourceNamePattern type on Page Error! Bookmark not defined., otherwise “no.” KB Reply – Carol, I will try to go back to you with some examples by Wednesday. This can be found in section 2.11, page 2-26 of the draft Adopted Specification. Page: 46 [dsf65][Errata] Unclear Reply: This is issue 3178U. This comment is in reference to the following sentence found under the definition of register_resource_name_patter: “Since a ResourceName is a ResourceNamePattern, ResourceNames must also be registered if these administrative interfaces are administer evaluators and combinators.” This can be found in section 2.11, page 2-26 of the draft Adopted Specification. Page: 49 [dsf66][Errata] In the postcondition this is called "policy_name" (singular), which is more logical. Reply: This is issue 3178V. This comment is referring to the fact that in the idl, “policy_name has an “s” on the end – policy_names. This can be found in section 2.12, page 2-30 of the draft Adopted Specification. Page: 49 [dsf67][FTF] Should be included in the postconditions. Reply: This is issue 3178W. This comment is in reference to the following statement found under set_policies: “If a single PolicyName of NO_ACCESS_POLICY is specified, then all policy is removed for the resource. This can be found in section 2.12, page 2-30 of the draft Adopted Specification. Page: 50 [dsf68][Errata] Unclear. Does this mean all PolicyNames that have been input via set_policies( ), add_policies( ), and set_default_policy( ) and that have not been removed via delete_policies( )? Or does it mean all PolicyNames that exist in the system even if they haven't been attached via this interface? I would presume the former, but this should be clarified. Reply: KB Fixed. This comment is in reference to the following sentence found under list_policies: “A list of all existing PolicyNames is returned to the client.” KB Reply: A list of all policies that this instance of PolicyEvaluator supports is returned by this operation. In the draft Adopted Specification, this sentence now is: “A list of names of all policies supported by this instance of PolicyEvaluator is returned to the client.” This can be found in section 2.12, page 2-31 of the draft Adopted Specification. Page: 51 [dsf69][FTF] Attribute, not data member Reply: This is issue 3178X. This comment is in reference to the following sentence found under Conformance Classes: “In this case pattern_admin data member of PolicyEvaluatorLocator interface implementation must have value null.” This can be found in section 2.13, page 2-32 of the draft Adopted Specification. Page: 61 [dsf70][FTF] This is the first time in the document that we've seen an example of a ResourceName. I recommend enhancing the usage scenario in the previous section to similarly show the anatomy of the ResourceName being used in the example. Reply: Issue 3178Y. This comment is in reference to the following sentence found in Appendix C: “create RAD resource names according to the following rules:” This can be found on page C-2 of the draft Adopted Specifications. Page: 62 [dsf71]It might be a good idea for ResourceNameComponent to have a boolean data item indicating whether the component is mandatory or optional. Reply: This is issue 3178Z. This comment is in reference to the following sentence found under Appendix C, #5: “all other elements of ResourceName data member resource_name_component_list are optional.” This can be found on page C-2 of the draft Adopted Specifications. Actions taken: January 5, 2000: received issue January 9, 2001: closed issue Discussion: Sub-Issue No: 3178A It isn't clear what the notation in these two diagrams is. They don't seem to be officially any of the standard UML diagrams. Clarification: This comment is in reference to the text in the Access Decision Model, which can be found in section 1.2.1 of the draft Adopted Specification, page 1-4. Resolution: Reject. No change. The diagram was not intended to be UML. It is illustrative; the specification is fully defined in the text. Revised Text: None. Sub-Issue No: 3178B Why is this discussion under the administrative model rather than the access decision model? Clarification: This comment is found at the end of the following sentence: "This combinator is responsible for taking the results of the PolicyEvaluators evaluate() method and making a final access decision" This can be located in section 1.2.2 Administrative Model, on page 1-5 of the draft Adopted Specification (3rd paragraph). Resolution: Move the sentence "This combinator is responsible for taking the results of the PolicyEvaluators evaluate() method and making a final access decision" from section 1.2.2 to section 1.2.1 as the last sentence in the section. Revised Text: see resolution description. Sub-Issue No: 3178C Why is NamedPolicyEvaluator not an interface that subtypes PolicyEvaluator? Why is it done this way, i.e. by containment rather than by subtyping? Is there a need to have the ability to provide the same PolicyEvaluator instance a different name in different contexts? Clarification: Comment is referring to the struct NamedPolicyEvaluator in the "Types associated with evaluating Access Policy." This can be found in section 2.2.3, page 2-6 of the draft Adopted Specification. Resolution: Reject. No change. Revised Text: None Sub-Issue No: 3178E, F, and G1 Sub-Issue 3178E [FTF] Grammar Sub-Issue 3178F [Errata] Instead of "in the invalid list" shouldn’t this be "in the PolicyNameList" Issue 3178G1 states: Same comment as #35 above (3178F). Clarification:Clarification (3178E). This is in reference to the following sentence under InvalidPolicyEvaluatorList: "first_invalid_element is first named policy evaluator in the invalid list which caused the list to be invalid." This can be found in section 2.2.5 Exceptions, page 2-11 of the draft Adopted Specification. Clarification (3178F) and references the same sentence in 3178E. Clarification (3178G1). KB replied with the same comment as above. Resolution: Proposed resolution to all: change referenced statement to read "first_invalid_element is the first named policy evaluator in the PolicyNameList which caused the list to be invalid." Revised Text: see resolution description. Sub-Issue No: 3178EE Grammar Clarification: This comment refers to the following sentence found under InvalidPolicyEvaluatorList: "This exception is raised when a policy evaluator list, passed as a part of an operation arguments.” This can be found in section 2.2.5 Exceptions, page 2-11. Resolution: Change sentence to read: "This exception is raised when a PolicyEvaluatorList contains invalid elements". Revised Text: see resolution description. Sub-Issue No: 3178G2 Grammar Clarification: This comment is in reference to the following sentence found under postconditions of multiple_access_allowed(): "Where an authorization decision ==authorization decision for the requested operation on the specified resource name by a principal with the specified security attributes. This can be found in section 2.3, on page 2-13 of the draft Adopted Specification. Resolution: Remove the offending sentence fragment. Revised Text: see resolution description. Sub-Issue No: 3178G3 Grammar Clarification: This comment is in reference to the following sentence under get_dynamic_attributes(): "The service may add or remove SecAttributes to this list." This can be found in section 2.4, page 2-14 of the draft Adopted Specification. Resolution: Change the text to read "The service may add SecAttributes to this list, or remove SecAttributes from this list." Revised Text: see resolution description. Sub-Issue No: 3178G4 Grammar Clarification: This comment is in reference to following sentence found under get_policy_decision_evaluators(): "A PolicyDecisionEvaluators structure, which contains a list of NamedPolicyEvaluator consisting of the names of the PolicyEvaluators and their object references, and the DecisionCombinator object reference for the resource is returned to the client." This can be found in section 2.5, page 2-15 of the draft Adopted Specification. Resolution: Remove the sentence and replace it with the following "A PolicyDecisionEvaluators structure is returned to the client. A PolicyDecisionEvaluators structure contains a PolicyEvaluatorList and the DecisionCombinator." Revised Text: see resolution description. Sub-Issue No: 3178G5 Grammar Clarification: This is issue 3178G. This comment is in reference to the following sentence found in the text directly beneath the DecisionCombinator interface idl: "The DecisionCombinator interface is used to encapsulate the policy for the way that decisions of multiple PolicyEvaluators is combined." This can be found in section 2.6, page 2-15 of the draft Adopted Specification. Resolution: Change the sentence to read: "The DecisionCombinator interface is used to encapsulate a policy for combining decisions of multiple consulted PolicyEvaluators that may disagree." Revised Text: see resolution description. Sub-Issue No: 3178H Elsewhere it was stated that this interface is a singleton. That should be stated here, the site of the primary specification of the interface. Clarification: This comment is in reference to the AccessDecision Interface text, which can be found in section 2.3, page 2-12 of the draft Adopted Specification. Resolution: Add the word "singleton" before the word object in the first sentence of section 2.3, page 2-12. "The singleton Access Decision object..." Revised Text: see resolution description. Sub-Issue No: 3178H2 Elsewhere it was stated that this interface is a singleton. That should be stated here, the site of the primary specification of the interface. Clarification: This comment is in reference to the DynamicAttributeService Interface text, which can be found in section 2.4, page 2-13 of the draft Adopted Specification. Resolution: Reject. No change. Although only one DynamicAttributeService reference is held at a time by a RAD, the object may be replaced by an alternate. The specification makes this clear. Revised Text: None Sub-Issue No: 3178H3 Elsewhere it was stated that this interface is a singleton. That should be stated here, the site of the primary specification of the interface. Clarification: This comment is in reference to the PolicyEvaluatorLocator Interface text, which can be found in section 2.5, page 2-14 of the draft Adopted Specification. Resolution: Reject. No change. Although only one PolicyEvaluatorLocator reference is held at a time by a RAD, the object may be replaced by an alternate. The specification makes this clear. Revised Text: None Sub-Issue No: 3178I Note that preconditions such as this one would not have to be repetitively stated for many operations if the definitions of validity were explicitly characterized as invariants. Specification of invariants is a key concept in design by contract. From the standpoint of the computational model (i.e. from the computational viewpoint) invariants constitute universal pre and post conditions for all operations, although not every invariant is directly relevant to every operation. Since this document provides validity criteria for most (it’s missing for a few) of the types, this work (i.e. formal specification of invariants) is mostly done. A few small adjustments would tie this all neatly together: 7 [FTF] Explicitly label the validity rules as invariants. 7 [FTF] Add a statement to the section on pre-postcondition semantics noting that the invariants are considered to be pre and postconditions for all operations. 7 [FTF] Remove the pre and postconditions that thus become redundant. (Note that this document is not consistent in repeating such validity rules as preconditions. For example, the set_evaluators() operation of PolicyEvaluationLocatorNameAdmin requires a ResoureName as input, yet does not specify any preconditions.) Clarification: This comment is in reference to the preconditions found under access_allowed(). You can find this in section 2.3, on page 2-13 of the draft Adopted >Specifications. Resolution: Reject this issue. This was not an issue for implementors. Revised Text: None Sub-Issue No: 3178K Oddly phrased. Seems more appropriate for the bulk of this to be re-cast as a postcondition Clarification: This comment is in reference to the following sentence found under get_policy_decision_evaluators(): "A PolicyDecisionEvaluators structure, which contains a list of NamedPolicyEvaluator consisting of the names of the PolicyEvaluators and their object references, and the DecisionCombinator object reference for the resource is returned to the client." This can be found in section 2.5, page 2-15 of the draft Adopted Specification. Resolution: This is resolved by the proposed resolution to issue 3178G4 (same sentence). Revised Text: None Sub-Issue No: 3178K2 The rules in these two sentences could (and probably should) be framed as postconditions for get_policy_decision_evaluators. Clarification: This comment is in reference to the following sentence under set_default_evaluators: "Default evaluators are overridden by the add_evaluators() or replace_evaluators() methods. The default evaluators will be returned by the PolicyEvaluatorLocator get_policy_decision_evaluators() method when no PolicyEvaluators have been explicitly assigned for a ResourceName." This can be found in section 2.8, page 2-20 of the draft Adopted Specification. Resolution: Reject the request to express this as a postcondition as this was not an issue for implementors. Change the referenced sentence to read: "Default evaluators are overridden by the add_evaluators() or replace_evaluators() operations. The default evaluators will be returned by the PolicyEvaluatorLocator get_policy_decision_evaluators() operation when no PolicyEvaluators have been explicitly assigned for a ResourceName." This fixes incorrect terminology. Revised Text: See resolution Sub-Issue No: 3178K3 This rule should probably be framed as a postcondition for get_policy_decision_evaluators. Clarification: This comment is in reference to the following sentence found under set_default_combinator: "This combinator will be returned by the PolicyEvaluatorLocator get_policy_decision_evaluators() method for these resources. This can be found in section 2.8, page 2-20 of the draft Adopted Specification. Resolution: This was not an issue for implementors. Reject request to frame as a postcondition. Change, however, the sentence to read: "This combinator will be returned by the PolicyEvaluatorLocator get_policy_decision_evaluators() operation for these resources." Revised Text: see resolution Sub-Issue No: 3178L It should be possible to state a postcondition here, as is done for the access_allowed() and evaluate() operations. Clarification: This is in reference to the statement that there are no postconditions for combine_decisions. This can be found in section 2.6, page 2-17 of the draft Adopted Specification. Resolution: Reject. No Change. The return from the operation is a Boolean. There were no issues for implementors that no postcondition was stated. Revised Text: None Sub-Issue No: 3178M Why aren’t these four operations modeled as two attributes? Clarification: This is in reference to AccessDecisionAdmin interface. This can be found in section 2.8, page 2-18 of the draft Adopted Specification. Resolution: Not an issue. No change. Revised Text: None Sub-Issue No: 3178N The declaration that the operation raises this exception appears to be defining how the object behaves when a precondition is not met, which contradicts the policy stated at the outset that such behavior is undefined. (Although "ResourceName is valid" is not stated as a precondition for this operation, this omission is inconsistent, as has already been pointed out, with other operations that require a ResourceName in-parameter. Truly, this validity requirement is a precondition.) Clarification: This is issue 3178N. This comment is in reference to InvalidResourceName found in the PolicyEvaluatorLocatorNameAdmin interface, section 2.10, page 2-21 of the draft Adopted Specification. Resolution: No change. The exception is needed. Revised Text: None Sub-Issue No: 3178O This way of specifying the postcondition would be more rigorous if default_evaluators were formally defined as a role of PolicyEvaluationList in a relationship between PolicyEvaluatorLocator and PolicyEvaluationList. The relationship and role could be defined via UML notation or by textual means. This same approach could be applied to many of the postconditions that follow. Clarification: This comment is in reference to the postcondition stated under set_default_evaluators, which can be found in section 2.8, page 2-20 of the draft Adopted Specification. Resolution: Not an issue for implementors. No change. Revised Text: None Sub-Issue No: 3178P The explanation above of set_default_evaluators() stated how the defaults are overridden. For consistency it should be stated here how the default DecisionCombinator is overridden. Clarification: This comment is in reference to set_default_combinator, which can be found in section 2.8, page 2-20 of the draft Adopted Specification. Resolution: Delete the sentence that is referenced as saying how defaults are overridden. The sentence to remove is in the first paragraph of page 2-20 and starts: "Default evaluators may be overridden by the ..." One of the operations listed is no longer in the spec (replace_evaluators). How evaluators and combinators are replaced is explained elsewhere in the specification. This will resolve the consistency issue and fix the reference. Revised Text: See resolution Sub-Issue No: 3178Q I believe this should be ResourceName rather than ResourceNamePattern. Ditto for the remainder of the operations in this interface. Clarification: This comment is in reference to the PolicyEvaluatorLocatorNameAdmin interface, which can be found in section 2.10, page 2-21 of the draft Adopted Specification. Resolution: Accept. Change every instance of the parameter "in ResourceNamePattern" in operations of the interface PolicyEvaluatorLocatorNameAdmin to "in ResourceName". Change any supporting text in section 2.10 and the complete IDL. Revised Text: Sub-Issue No: 3178R Should be singular. Clarification: This comment is in reference to ResourceNamePatterns found in the following sentence under the PolicyEvaluatorLocatorPatternAdmin interface: "The PolicyEvaluatorLocatorPatternAdmin object is used to associate PolicyEvaluators with a ResourceNamePatterns." This is the first sentence under the PolicyEvaluatorLocatorPatternAdmin interface idl in section 2.11, page 2-25 of the draft Adopted Specification. Resolution: Change the sentence to read: "The PolicyEvaluatorLocatorPatternAdmin object is used to associate PolicyEvaluators with a ResourceNamePattern." Revised Text: see resolution Sub-Issue No: 3178S This seems to suggest that in order for a name_string to conform to this second kind, must literally be equal to "*". However, the presentation given to CORBAmed shows that it can contain "*" but not literally be "*". The example in the presentation was something like "Red.*" Clarification: This comment is in reference to the following sentence under the second kind of ResourceNameComponent: "The second kind of ResourceNameComponent which can occur in a pattern is a component wildcard pattern: -name_string is "*" ; value_string is "*"" This can be found in section 2.11, page 2-26 of the draft Adopted Specification. Resolution: The specification is correct. The second kind of ResourceNameComponent (wildcard) requires that both name and value be precisely "*". To clarify this, change the bullets on page 2-26 to read: - name_string exactly matches "*" and - value_string exactly matches "*" Revised Text: see resolution Sub-Issue No: 3178T Despite the helpful diagram, the pattern matching logic is hard to comprehend. I feel it imperative that several concrete examples be provided. Clarification: This comment is in reference to the following paragraph found under the PolicyEvaluatorLocatorPatternAdmin interface: "MATCHES_AS_GRE returns "yes" if the string provided by first argument matches another string provided by second argument, where the second string is interpreted according to regular expression syntax specified in the definition of ResourceNamePattern type on Page 26, otherwise "no.". Also, the "helpful diagram" is missing in the draft adopted spec. Our feeling is that with the diagram the algorithm is understandable. Resolution: 1) Change the wording of the above sentence to read: "MATCHES_AS_GRE returns "yes" if the resource "name" matches the resource name "pattern", where the "pattern" is interpreted according to the regular expression syntax specified in the definition of ResourceNamePattern in section 2.2.2 page 2-5. 2) Insert the diagram containing the algorithm (this is contained in the same section of the revised submission corbamed/99-04-05 - an editing error removed it from the draft submission) after the sentence on page 2-26 "A resource name matches a pattern if and only if the algorithm shown in the figure below returns MATCH." Revised Text: see resolution Sub-Issue No: 3178U Unclear Clarification: This comment is in reference to the following sentence found under the definition of register_resource_name_pattern: "Since a ResourceName is a ResourceNamePattern, ResourceNames must also be registered if these administrative interfaces are administer evaluators and combinators." This can be found in section 2.11, page 2-26 of the draft Adopted Specification. Resolution: Change the sentence to read: "Since a ResourceName is a ResourceNamePattern, ResourceNames must also be registered if these administrative interfaces are used to administer evaluators and combinators." Revised Text: see resolution Sub-Issue No: 3178V In the postcondition this is called "policy_name" (singular), which is more logical. Clarification: This comment is referring to the fact that in the IDL, "policy_name has an "s" on the end policy_names. This can be found in section 2.12, page 2-30 of the draft Adopted Specification. Resolution: No change. Editor can’t find the offending postcondition. Revised Text: None Sub-Issue No: 3178W Should be included in the postconditions. Clarification: This comment is in reference to the following statement found under set_policies: "If a single PolicyName of NO_ACCESS_POLICY is specified, then all policy is removed for the resource. This can be found in section 2.12, page 2-30 of the draft Adopted Specification. Resolution: State in the postcondition that if PolicyName == NO_ACCESS_POLICY then no policy exists for the resource. Revised Text: see resolution Sub-Issue No: 3178X Attribute, not data member. Clarification: This comment is in reference to the following sentence found under Conformance Classes: "In this case pattern_admin data member of PolicyEvaluatorLocator interface implementation must have value null." This can be found in section 2.13, page 2-32 of the draft Adopted Specification. Resolution: Change the sentence to read: "In this case the pattern_admin attribute of the PolicyEvaluatorLocator interface implementation must be/return null." Revised Text: see resolution Sub-Issue No: 3178Y This is the first time in the document that we’ve seen an example of a ResourceName. I recommend enhancing the usage scenario in the previous section to similarly show the anatomy of the ResourceName being used in the example. Clarification: This comment is in reference to the following sentence found in Appendix C: "create RAD resource names according to the following rules:" This can be found on page C-2 of the draft Adopted Specifications. Resolution: Reject. No change. This is an example, not part of the normative part of the spec. Revised Text: None Sub-Issue No: 3178Z It might be a good idea for ResourceNameComponent to have a boolean data item indicating whether the component is mandatory or optional. Clarification: This comment is in reference to the following sentence found under Appendix C, #5: "all other elements of ResourceName data member resource_name_component_list are optional." This can be found on page C-2 of the draft Adopted Specifications. Resolution: Reject. Revised Text: None Disposition: Resolved Disposition Parameter: None End of Annotations:===== Page: 9 [dsf1][Errata] There doesn't seem to be any such document on the OMG server. Page: 10 [dsf2][FTF] Missing word Page: 10 [dsf3][FTF] Missing word Page: 11 [dsf4][Errata] Remove: not appropriate for final submission Page: 12 [dsf5][Errata] Remove: not appropriate for final submission Page: 16 [dsf6][Errata] Ditto Page: 17 [dsf7][FTF] Grammar Page: 17 [dsf8] It isn't clear what the notation in these two diagrams is. They don't seem to be officially any of the standard UML diagrams. This makes some things unclear. For instance, there are three consults lines coming from Access Decsion. Do the consultations need to occur in any particular order? The text says that the Decision Combinator's decision is what finally returns to the client, but other than that the ordering (or whether an order is required) isn't clear. Page: 19 [dsf9][Errata] Although PolicyEvaluatorLocatorAdmin is referenced many times in the text of this document, including the table of contents, it is just a forward reference in this document's IDL and does not appear at all in the revised IDL (99-05-01).Not all instances of this were fixed. Page: 19 [dsf10]Why is this discussion under the administrative model rather than the access decision model? Page: 19 [dsf11][FTF] Grammar Page: 20 [dsf12]This UML diagram needs some work: 7 [Errata] By definition, the cardinality of a strong aggregation (black diamonds) on the aggregate side cannot be 1..* or 0..*. It can only be 0..1 or 1..1. 7 [Errata] It shows NO_ACCESS_POLICY being a subtype of PolicyName. It is actually a particular instance of PolicyName. This can be shown in UML 1.1 via a dependency from NO_ACCESS_POLICY to PolicyName with an <> stereotype. 7 [Errata] The AttributeList typedef would be better shown by a dependency from AttributeList to Security::AttributeList with a <> stereotype applied to the dependency. In the diagram it is shown as a navigable association which would mean that AttributeList literally holds a reference to Security::AttributeList. (Note that the <> dependency is not a standard UML stereotype--UML has no notion of typedef.) 7 [Errata] ResourceNamePattern is a typedef of ResourceName but in the UML diagram it is shown as a subtype of ResourceName. I recommend handling it similarly to the AttributeList typedef, i.e. making it a dependency from ResourceNamePattern to ResourceName, with a <> stereotype applied to the dependency. 7 [Errata] DecisionResultList is shown in the UML diagram but does not occur anywhere else in the document. 7 [Errata] DecisionCombinator and PolicyEvaluator are stereotyped as <> in the UML Information Model diagram, whereas in the computational model they are stereotyped as <>. I recommend stereotyping them both as <> because, in UML, <> is a standard stereotype of Class that restricts the class from having attributes. PolicyEvaluator has attributes. DecisionCombinator does not have attributes, but it nevertheless would be unwise to restrict its evolution unnecessarily. Also, a question arises: Are the multiplicities shown in the diagram normative? For example, consider the relationship between PolicyEvealuatorList and NamedPolicyEvaluator. The multiplicity on the aggregate side is 0..1, meaning that a NamedPolicyEvaluator can exist without being owned by a PolicyEvaluatorList. Is this specification normative? The multiplicity on agregee side is 0..*, meaning a valid PolicyEvaluatorList can be empty. Is this normative? Page: 21 [dsf13][Errata] The specification of AccessDecision as a singleton contradicts the 1..* multiplicity on the aggregate side of the relationship between AccessDecisionAdmin and AccessDecision in the UML diagram. If there can only be one instance of AccessDecision, then an AccessDecisionAdmin instance cannot be associated with more than one AccessDecision instance. [Errata] Similarly, specifying PolicyEvaluatorLocator as a singleton contradicts the multiplicity on the aggregate side of PolicyEvaluatorLocator's relationships with PolicyEvaluatorLocatorBasicAdmin and PolicyEvaluatorLocatorPatternAdmin. [Errata] Also, this section says nothing about which administrative interfaces are singletons. For example: Since AccessDecision is a singleton, and since the UML computatonal model says that an AccessDecision is associated with exactly one AccessDecisionAdmin, this would suggest (but not technically require) that AccessDecisionAdmin is also a singleton. Thinking about the functionality, since what an AccessDecisionAdmin does is encapsulate references to the singleton PolicyEvaluator Locator and to the singleton DynamicAttributeService, logically AccessDecisionAdmin should be a singleton. Page: 23 [dsf14][FTF] Grammar. Page: 26 [dsf15][Errata] This seems to imply by omission that value_string is allowed to be empty. If this is so, then it should be reflected in the UML diagram by specifying the multiplicity of value_string attribute as [0..1]. To do this, change "value_string : string" to "value_string [0..1] : string". Note that a multiplicity of [1] or [1..1] is the UML default for attributes. Quoting from the UML notation guide (ad/97-08-05): Note that a multiplicity of 0..1 provides for the possibility of null values: the absence of a value, as opposed to a particular value from the range. For example, the following declaration permits a dis-tinction between the null value and the empty string: name [0..1]: String Page: 26 [dsf16][Errata] Should be ResourceNameComponentList Page: 26 [dsf17][Errata] How is valid syntax defined? Page: 27 [dsf18]Why is NamedPolicyEvaluator not an interface that subtypes PolicyEvaluator? Why is it done this way, i.e. by containment rather than by subtyping? Is there a need to have the ability to provide the same PolicyEvaluator instance a different name in different contexts? Page: 27 [dsf19][Errata] This contradicts the UML diagram, which says that a PolicyNameList is a composition of 0..* PolicyName instances. To align the UML diagram with this text, the multiplicity should be changed to 1..*. Page: 28 [dsf20]{Errata] Then the UML diagram should show the multiplicity of evaluator_name as [0..1]. Page: 28 [dsf21][Errata] No such operation mentioned anywhere else in this document or in the revised IDL. Page: 28 [dsf22][Errata] This is an operation of PolicyEvaluatorLocatorBasicAdmin, not of PolicyEvaluatorLocatorAdmin which, as previously noted, does not exist. Page: 28 [dsf23][Errata] Which does not exist. These operations are in other interfaces. Page: 28 [dsf24][FTF] Replace "method" with "operation". CORBA does not define method. Page: 29 [dsf25]Call this something other than "ed" to distinguish it from the item in the other exceptions named "ed" which is an ExceptionData. Page: 30 [dsf26][Errata] Fatal rather than RadFatal, according to the IDL Page: 30 [dsf27][Errata] InternalError rathan RadInternalError, according to the IDL. Page: 30 [dsf28][Errata] Fatal rather than RadFatal, according to the IDL Page: 30 [dsf29][Errata] Spelling of operation name Page: 31 [dsf30]Is this a validity rule for all instances of PolicyEvaluatorList? (Note that no validity rules were given for PolicyEvaluatorList.) Page: 31 [dsf31][FTF] Grammar Page: 31 [dsf32][FTF] Grammar Page: 31 [dsf33][Errata] Instead of "in the invalid list" shouldn't this be "in the PolicyNameList" ? Page: 31 [dsf34][FTF] Grammar Page: 31 [dsf35]Why not have an exception specifically for an empty list? Page: 31 [dsf36][FTF] Grammar Page: 31 [dsf37][Errata] Spelling of interface name Page: 31 [dsf38][Errata] As far as I can see, no specification of what constitutes a valid or invalid datum is provided for PolicyEvaluatorList or for NamedPolicyEveluator, instances of which are members of a PolicyEvaluatorList. Page: 31 [dsf39]Same comment as #35 above Page: 32 [dsf40][FTF] Elsewhere it was stated that this interface is a singleton. That should be stated here, the site of the primary specification of the interface. Page: 32 [dsf41]Note that preconditions such as this one would not have to be repetitively stated for many operations if the definitions of validity were explicitly characterized as invariants. Specification of invariants is a key concept in design by contract. From the standpoint of the computational model (i.e. from the computational viewpoint) invariants constitute universal pre and post conditions for all operations, although not every invariant is directly relevant to every operation. Since this document provides validity criteria for most (it's missing for a few) of the types, this work (i.e. formal specification of invariants) is mostly done. A few small adjustments would tie this all neatly together: 7 [FTF] Explicitly label the validity rules as invariants. 7 [FTF] Add a statement to the section on pre/postcondition semantics noting that the invariants are considered to be pre and postconditions for all operations. 7 [FTF] Remove the pre and postconditions that thus become redundant. (Note that this document is not consistent in repeating such validity rules as preconditions. For example, the set_evaluators( ) operation of PolicyEvaluationLocatorNameAdmin requires a ResoureName as input, yet does not specify any preconditions.) Page: 33 [dsf42][FTF] Grammar Page: 33 [dsf43][FTF] Elsewhere it was stated that this interface is a singleton. That should be stated here, the site of the primary specification of the interface. Page: 33 [dsf44][FTF] This is stated rather imprecisely. It should say something to the effect that, in addtion to adding new attributes, the orginal attributes can be altered. Page: 33 [dsf45][FTF] Grammar Page: 34 [dsf46][FTF] Elsewhere it was stated that this interface is a singleton. That should be stated here, the site of the primary specification of the interface. Page: 34 [dsf47][FTF] Grammar Page: 34 [dsf48][FTF] Oddly phrased. Seems more appropriate for the bulk of this to be re-cast as a postcondition. Page: 34 [dsf49][FTF] Spelling Page: 35 [dsf50]Why is the return binary whereas evaluate( ) returns a ternary? Page: 35 [dsf51][FTF] Grammar Page: 36 [dsf52][Errata] The definition of PolicyEvaluatorList did not specify validity rules Page: 36 [dsf53][FTF] It should be possible to state a postcondition here, as is done for the access_allowed( ) and evaluate( ) operations. Page: 37 [dsf54]Why aren't these four operations modeled as two attributes? Page: 38 [dsf55][FTF] The rules in these two sentences could (and probably should) be framed as postconditions for get_policy_decision_evaluators. Page: 38 [dsf56][FTF] This way of specifying the postcondition would be more rigorous if default_evaluators were formally defined as a role of PolicyEvaluationList in a relationship between PolicyEvaluatorLocator and PolicyEvaluationList. The relationship and role could be defined via UML notation or by textual means. This same approach could be applied to many of the postconditions that follow. Page: 39 [dsf57][FTF] The explanation above of set_default_evaluators( ) stated how the defaults are overridden. For consistency it should be stated here how the default DecisionCombinator is overridden. Page: 39 [dsf58][FTF] This rule should probably be framed as a postcondition for get_policy_decision_evaluators. Page: 39 [dsf59][FTF] The declaration that the operation raises this exception appears to be defining how the object behaves when a precondition is not met, which contradicts the policy stated at the outset that such behavior is undefined. (Although "ResourceName is valid" is not stated as a precondition for this operation, this omission is inconsistent, as has already been pointed out, with other operations that require a ResourceName in-parameter. Truly, this validity requirement is a precondition.) Page: 39 [dsf60][Errata] I believe this should be ResourceName rather than ResourceNamePattern. Ditto for the remainder of the operations in this interface. Page: 43 [dsf61][FTF] Should be singular. Page: 43 [dsf62]This seems to suggest that in order for a name_string to conform to this second kind, must literally be equal to "*". However, the presentation given to CORBAmed shows that it can contain "*" but not literally be "*". The example in the presentation was something like "Red.*" Page: 43 [dsf63]Same comment as previous--value_string doesn't have to literally be equal to "*". Page: 44 [dsf64][Errata] Despite the helpful diagram, the pattern matching logic is hard to comprehend. I feel it imperative that several concrete examples be provided. Page: 46 [dsf65][Errata] Unclear Page: 49 [dsf66][Errata] In the postcondition this is called "policy_name" (singular), which is more logical. Page: 49 [dsf67][FTF] Should be included in the postconditions. Page: 50 [dsf68][Errata] Unclear. Does this mean all PolicyNames that have been input via set_policies( ), add_policies( ), and set_default_policy( ) and that have not been removed via delete_policies( )? Or does it mean all PolicyNames that exist in the system even if they haven't been attached via this interface? I would presume the former, but this should be clarified. Page: 51 [dsf69][FTF] Attribute, not data member Page: 61 [dsf70][FTF] This is the first time in the document that we've seen an example of a ResourceName. I recommend enhancing the useage scenario in the previous section to similarly show the anatomy of the ResourceName being used in the example. Page: 62 [dsf71]It might be a good idea for ResourceNameComponent to have a boolean data item indicating whether the component is mandatory or optional. X-Sender: carolbrt@mindspring.com X-Mailer: QUALCOMM Windows Eudora Version 4.3.2 Date: Wed, 09 Aug 2000 20:20:11 -0500 To: rad-ftf@omg.org From: Carol Burt Subject: [RAD-FTF Issue 3178B] Proposed resolution Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed X-UIDL: b1n!!cF~e9OZ7e9KTG!! Issue 3178B states: Why is this discussion under the administrative model rather than the access decision model? Clarification: This is issue 3178B. This comment is found at the end of the following sentence: "This combinator is responsible for taking the results of the PolicyEvaluators evaluate() method and making a final access decision" This can be located in section 1.2.2 Administrative Model, on page 1-5 of the draft Adopted Specification (3rd paragraph). Proposed resolution: Move the sentence "This combinator is responsible for taking the results of the PolicyEvaluators evaluate() method and making a final access decision" from section 1.2.2 to section 1.2.1 as the last sentence in the section. _________________________________________________________ Carol Burt 2AB, Inc. cburt@2ab.com www.2ab.com 205-621-7455 ext 103 Member, OMG Architecture Board OMG Domain Member _________________________________________________________ "Solutions for Distributed Business (SM)" X-Sender: carolbrt@mindspring.com X-Mailer: QUALCOMM Windows Eudora Version 4.3.2 Date: Wed, 09 Aug 2000 20:25:21 -0500 To: rad-ftf@omg.org From: Carol Burt Subject: [RAD-FTF Issue 3178A] Proposed Resolution Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed X-UIDL: J3!"!h@'!!bCdd9lNTd9 Issue 3178A states: It isn't clear what the notation in these two diagrams is. They don't seem to be officially any of the standard UML diagrams. This makes some things unclear. For instance, there are three consults lines coming from Access Decsion. Do the consultations need to occur in any particular order? The text says that the Decision Combinator's decision is what finally returns to the client, but other than that the ordering (or whether an order is required) isn't clear. Clarification: This is issue 3178A. This comment is in reference to the text in the Access Decision Model, which can be found in section 1.2.1 of the draft Adopted Specification, page 1-4. Proposed solution: Reject. No change. The diagram was not intended to be UML. It is illustrative; the specification is fully defined in the text. _________________________________________________________ Carol Burt 2AB, Inc. cburt@2ab.com www.2ab.com 205-621-7455 ext 103 Member, OMG Architecture Board OMG Domain Member _________________________________________________________ "Solutions for Distributed Business (SM)" X-Sender: carolbrt@mindspring.com X-Mailer: QUALCOMM Windows Eudora Version 4.3.2 Date: Wed, 09 Aug 2000 20:48:23 -0500 To: rad-ftf@omg.org From: Carol Burt Subject: [RAD-FTF Issue 3178C] Proposed resolution Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed X-UIDL: eJ5!!SE=!!/aed9E[Yd9 Issue 3178C states: Why is NamedPolicyEvaluator not an interface that subtypes PolicyEvaluator? Why is it done this way, i.e. by containment rather than by subtyping? Is there a need to have the ability to provide the same PolicyEvaluator instance a different name in different contexts? Clarification: This is issue 3178C. Comment is referring to the struct NamedPolicyEvaluator in the "Types associated with evaluating Access Policy." This can be found in section 2.2.3, page 2-6 of the draft Adopted Specification. Proposed solution: Reject. No change. _________________________________________________________ Carol Burt 2AB, Inc. cburt@2ab.com www.2ab.com 205-621-7455 ext 103 Member, OMG Architecture Board OMG Domain Member _________________________________________________________ "Solutions for Distributed Business (SM)" X-Sender: carolbrt@mindspring.com X-Mailer: QUALCOMM Windows Eudora Version 4.3.2 Date: Wed, 09 Aug 2000 20:48:36 -0500 To: rad-ftf@omg.org From: Carol Burt Subject: [RAD-FTF Issue 3178D] Proposed resolution Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed X-UIDL: hRb!!ag~e9@5/!!4BBe9 Issue 3178D states: [Errata] Fatal rather than RadFatal, according to the IDL references "If the ComponentError is RadFatal, the AccessDecision object must determine if it can continue to process without the component." [Errata] InternalError rathan RadInternalError, according to the IDL. references "If it cannot, it must throw a RadInternalError." [Errata] Fatal rather than RadFatal, according to the IDL references "with RadFatal." Clarification: This is issue 3178D. All three of these comments are related to text found under ComponentError in section 2.2.5 Exceptions, on page 2-10 of the draft Adopted Specification. Proposed resolution: Accept. Make the text match the names in the IDL. _________________________________________________________ Carol Burt 2AB, Inc. cburt@2ab.com www.2ab.com 205-621-7455 ext 103 Member, OMG Architecture Board OMG Domain Member _________________________________________________________ "Solutions for Distributed Business (SM)" X-Sender: carolbrt@mindspring.com X-Mailer: QUALCOMM Windows Eudora Version 4.3.2 Date: Wed, 09 Aug 2000 20:49:34 -0500 To: rad-ftf@omg.org From: Carol Burt Subject: [RAD-FTF Issue 3178EE] Proposed resolution Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed X-UIDL: %pbd9J6_!!nl$e9")dd9 Issue 3178EE states: Grammar Clarification: This is issue 3178EE. This comment refers to the following sentence found under InvalidPolicyEvaluatorList: "This exception is raised when a policy evalautor list, passed as a part of an operation arguments. This can be found in section 2.2.5 Exceptions, page 2-11. Proposed Resolution: Change sentence to read: "This exception is raised when a PolicyEvaluatorList contains invalid elements". _________________________________________________________ Carol Burt 2AB, Inc. cburt@2ab.com www.2ab.com 205-621-7455 ext 103 Member, OMG Architecture Board OMG Domain Member _________________________________________________________ "Solutions for Distributed Business (SM)" X-Sender: carolbrt@mindspring.com X-Mailer: QUALCOMM Windows Eudora Version 4.3.2 Date: Wed, 09 Aug 2000 20:56:59 -0500 To: rad-ftf@omg.org From: Carol Burt Subject: {RAD-FTF Issue 3178H] Proposed resolution Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed X-UIDL: Vh`d9<&^!!0#Rd90>m!! Issue 3178H states: Elsewhere it was stated that this interface is a singleton. That should be stated here, the site of the primary specification of the interface. Clarification: This is issue 3178H. This comment is in reference to the AccessDecision Interface text, which can be found in section 2.3, page 2-12 of the draft Adopted Specification. Proposed resolution: Add the word "singleton" before the word object in the first sentence of section 2.3, page 2-12. "The singleton Access Decision object..." _________________________________________________________ Carol Burt 2AB, Inc. cburt@2ab.com www.2ab.com 205-621-7455 ext 103 Member, OMG Architecture Board OMG Domain Member _________________________________________________________ "Solutions for Distributed Business (SM)" X-Sender: carolbrt@mindspring.com X-Mailer: QUALCOMM Windows Eudora Version 4.3.2 Date: Wed, 09 Aug 2000 21:18:38 -0500 To: rad-ftf@omg.org From: Carol Burt Subject: [RAD-FTF Issue 3178E, F, G1] Proposed resolution Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed X-UIDL: 'Bjd9dKSd9j[K!!beQd9 Issue 3178E states: [FTF] Grammar Clarification: This is issue 3178E. This is in reference to the following sentence under InvalidPolicyEvaluatorList: "first_invalid_element is first named policy evalautor in the invalid list which caused the list to be invalid." This can be found in section 2.2.5 Exceptions, page 2-11 of the draft Adopted Specification. Issue 3178F states: [Errata] Instead of "in the invalid list" shouldn't this be "in the PolicyNameList" ? Clarification: This is issue 3178F and references the same sentence in 3178E. Issue 3178G states: Same comment as #35 above Clarification: This is issue 3178G1. KB replied with the same comment as above. Proposed resolution to all: change referenced statement to read "first_invalid_element is the first named policy evaluator in the PolicyNameList which caused the list to be invalid." _________________________________________________________ Carol Burt 2AB, Inc. cburt@2ab.com www.2ab.com 205-621-7455 ext 103 Member, OMG Architecture Board OMG Domain Member _________________________________________________________ "Solutions for Distributed Business (SM)" X-Sender: carolbrt@mindspring.com X-Mailer: QUALCOMM Windows Eudora Version 4.3.2 Date: Wed, 09 Aug 2000 21:24:17 -0500 To: rad-ftf@omg.org From: Carol Burt Subject: [RAD-FTF Issue 3178I] Discussion Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed X-UIDL: ZN,!!:jW!!NT\!!A-Ke9 Issue 3178H states: Note that preconditions such as this one would not have to be repetitively stated for many operations if the definitions of validity were explicitly characterized as invariants. Specification of invariants is a key concept in design by contract. From the standpoint of the computational model (i.e. from the computational viewpoint) invariants constitute universal pre and post conditions for all operations, although not every invariant is directly relevant to every operation. Since this document provides validity criteria for most (it's missing for a few) of the types, this work (i.e. formal specification of invariants) is mostly done. A few small adjustments would tie this all neatly together: 7 [FTF] Explicitly label the validity rules as invariants. 7 [FTF] Add a statement to the section on pre/postcondition semantics noting that the invariants are considered to be pre and postconditions for all operations. 7 [FTF] Remove the pre and postconditions that thus become redundant. (Note that this document is not consistent in repeating such validity rules as preconditions. For example, the set_evaluators( ) operation of PolicyEvaluationLocatorNameAdmin requires a ResoureName as input, yet does not specify any preconditions.) Clarification: This is issue 3178I. This comment is in reference to the preconditions found under access_allowed(). You can find this in section 2.3, on page 2-13 of the draft Adopted Specifications. Comments: I am planning to propose rejection with no change unless another member of the FTF feels that this was a detriment to implementation and wants to document the precise editing changes that this proposed change would require. We did not find this an issue during implementation. _________________________________________________________ Carol Burt 2AB, Inc. cburt@2ab.com www.2ab.com 205-621-7455 ext 103 Member, OMG Architecture Board OMG Domain Member _________________________________________________________ "Solutions for Distributed Business (SM)" X-Sender: carolbrt@mindspring.com X-Mailer: QUALCOMM Windows Eudora Version 4.3.2 Date: Wed, 09 Aug 2000 21:27:01 -0500 To: rad-ftf@omg.org From: Carol Burt Subject: [RAD-FTF Issue 3178G2] Proposed resolution Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed X-UIDL: b]Fe9^ZA!!V9&e97aKe9 Issue 3178G2 states: Grammar Clarification: This is issue 3178G2. This comment is in reference to the following sentence found under postconditions of multiple_access_allowed(): "Where an authorization decision ==authorization decision for the requested operation on the specified resource name by a principal with the specified security attributes. This can be found in section 2.3, on page 2-13 of the draft Adopted Specification. Proposed resolution: remove the offending sentence fragment. _________________________________________________________ Carol Burt 2AB, Inc. cburt@2ab.com www.2ab.com 205-621-7455 ext 103 Member, OMG Architecture Board OMG Domain Member _________________________________________________________ "Solutions for Distributed Business (SM)" X-Sender: carolbrt@mindspring.com X-Mailer: QUALCOMM Windows Eudora Version 4.3.2 Date: Wed, 09 Aug 2000 21:34:02 -0500 To: rad-ftf@omg.org From: Carol Burt Subject: [RAD-FTF Issue 3178H] Proposed resolution Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed X-UIDL: ZC>!!Q+;e9/4Ud98BIe9 Issue 3178H states: Elsewhere it was stated that this interface is a singleton. That should be stated here, the site of the primary specification of the interface. Clarification: This is issue 3178H. This comment is in reference to the DynamicAttributeService Interface text, which can be found in section 2.4, page 2-13 of the draft Adopted Specification. Proposed resolution: change the first sentence in section 2.13 to begin: "The singleton DynamicAttributeService..." _________________________________________________________ Carol Burt 2AB, Inc. cburt@2ab.com www.2ab.com 205-621-7455 ext 103 Member, OMG Architecture Board OMG Domain Member _________________________________________________________ "Solutions for Distributed Business (SM)" From: "Chris White" To: "Carol Burt" , Subject: RE: [RAD-FTF Issue 3178B] Proposed resolution Date: Thu, 10 Aug 2000 09:20:07 -0400 Message-ID: MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) Importance: Normal In-Reply-To: <4.3.2.7.2.20000809201655.00b2a790@mindspring.com> X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6600 Content-Type: text/plain; charset="iso-8859-1" X-UIDL: _Na!!ehTd997k!!j=+!! Ok. -----Original Message----- From: Carol Burt [mailto:cburt@2ab.com] Sent: Wednesday, August 09, 2000 9:20 PM To: rad-ftf@omg.org Subject: [RAD-FTF Issue 3178B] Proposed resolution Issue 3178B states: Why is this discussion under the administrative model rather than the access decision model? Clarification: This is issue 3178B. This comment is found at the end of the following sentence: "This combinator is responsible for taking the results of the PolicyEvaluators evaluate() method and making a final access decision" This can be located in section 1.2.2 Administrative Model, on page 1-5 of the draft Adopted Specification (3rd paragraph). Proposed resolution: Move the sentence "This combinator is responsible for taking the results of the PolicyEvaluators evaluate() method and making a final access decision" from section 1.2.2 to section 1.2.1 as the last sentence in the section. _________________________________________________________ Carol Burt 2AB, Inc. cburt@2ab.com www.2ab.com 205-621-7455 ext 103 Member, OMG Architecture Board OMG Domain Member _________________________________________________________ "Solutions for Distributed Business (SM)" From: "Chris White" To: "Carol Burt" , Subject: RE: [RAD-FTF Issue 3178A] Proposed Resolution Date: Thu, 10 Aug 2000 09:20:08 -0400 Message-ID: MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) Importance: Normal In-Reply-To: <4.3.2.7.2.20000809200505.00b2a388@mindspring.com> X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6600 Content-Type: text/plain; charset="iso-8859-1" X-UIDL: HWU!!'QV!!;gmd99IIe9 Ok. -----Original Message----- From: Carol Burt [mailto:cburt@2ab.com] Sent: Wednesday, August 09, 2000 9:25 PM To: rad-ftf@omg.org Subject: [RAD-FTF Issue 3178A] Proposed Resolution Issue 3178A states: It isn't clear what the notation in these two diagrams is. They don't seem to be officially any of the standard UML diagrams. This makes some things unclear. For instance, there are three consults lines coming from Access Decsion. Do the consultations need to occur in any particular order? The text says that the Decision Combinator's decision is what finally returns to the client, but other than that the ordering (or whether an order is required) isn't clear. Clarification: This is issue 3178A. This comment is in reference to the text in the Access Decision Model, which can be found in section 1.2.1 of the draft Adopted Specification, page 1-4. Proposed solution: Reject. No change. The diagram was not intended to be UML. It is illustrative; the specification is fully defined in the text. _________________________________________________________ Carol Burt 2AB, Inc. cburt@2ab.com www.2ab.com 205-621-7455 ext 103 Member, OMG Architecture Board OMG Domain Member _________________________________________________________ "Solutions for Distributed Business (SM)" From: "Chris White" To: "Carol Burt" , Subject: RE: [RAD-FTF Issue 3178D] Proposed resolution Date: Thu, 10 Aug 2000 09:20:08 -0400 Message-ID: MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) Importance: Normal In-Reply-To: <4.3.2.7.2.20000809202542.00b5d858@mindspring.com> X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6600 Content-Type: text/plain; charset="iso-8859-1" X-UIDL: GkU!!faDe9~!p!!D8>e9 Wasn't there another issue that suggested changing the IDL to use the RAD prefix to avoid clashes with names of Java classes? -----Original Message----- From: Carol Burt [mailto:cburt@2ab.com] Sent: Wednesday, August 09, 2000 9:49 PM To: rad-ftf@omg.org Subject: [RAD-FTF Issue 3178D] Proposed resolution Issue 3178D states: [Errata] Fatal rather than RadFatal, according to the IDL references "If the ComponentError is RadFatal, the AccessDecision object must determine if it can continue to process without the component." [Errata] InternalError rathan RadInternalError, according to the IDL. references "If it cannot, it must throw a RadInternalError." [Errata] Fatal rather than RadFatal, according to the IDL references "with RadFatal." Clarification: This is issue 3178D. All three of these comments are related to text found under ComponentError in section 2.2.5 Exceptions, on page 2-10 of the draft Adopted Specification. Proposed resolution: Accept. Make the text match the names in the IDL. _________________________________________________________ Carol Burt 2AB, Inc. cburt@2ab.com www.2ab.com 205-621-7455 ext 103 Member, OMG Architecture Board OMG Domain Member _________________________________________________________ "Solutions for Distributed Business (SM)" From: "Chris White" To: "Carol Burt" , Subject: RE: [RAD-FTF Issue 3178EE] Proposed resolution Date: Thu, 10 Aug 2000 09:20:09 -0400 Message-ID: MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) Importance: Normal In-Reply-To: <4.3.2.7.2.20000809203904.00b3a548@mindspring.com> X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6600 Content-Type: text/plain; charset="iso-8859-1" X-UIDL: ^O-e9/:#e9BCgd9]o-!! Ok. -----Original Message----- From: Carol Burt [mailto:cburt@2ab.com] Sent: Wednesday, August 09, 2000 9:50 PM To: rad-ftf@omg.org Subject: [RAD-FTF Issue 3178EE] Proposed resolution Issue 3178EE states: Grammar Clarification: This is issue 3178EE. This comment refers to the following sentence found under InvalidPolicyEvaluatorList: "This exception is raised when a policy evalautor list, passed as a part of an operation arguments. This can be found in section 2.2.5 Exceptions, page 2-11. Proposed Resolution: Change sentence to read: "This exception is raised when a PolicyEvaluatorList contains invalid elements". _________________________________________________________ Carol Burt 2AB, Inc. cburt@2ab.com www.2ab.com 205-621-7455 ext 103 Member, OMG Architecture Board OMG Domain Member _________________________________________________________ "Solutions for Distributed Business (SM)" From: "Chris White" To: "Carol Burt" , Subject: RE: {RAD-FTF Issue 3178H] Proposed resolution Date: Thu, 10 Aug 2000 09:20:10 -0400 Message-ID: MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) Importance: Normal In-Reply-To: <4.3.2.7.2.20000809204946.00b60828@mindspring.com> X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6600 Content-Type: text/plain; charset="iso-8859-1" X-UIDL: 9E#e9n2>e9@[k!!9k0!! Ok. -----Original Message----- From: Carol Burt [mailto:cburt@2ab.com] Sent: Wednesday, August 09, 2000 9:57 PM To: rad-ftf@omg.org Subject: {RAD-FTF Issue 3178H] Proposed resolution Issue 3178H states: Elsewhere it was stated that this interface is a singleton. That should be stated here, the site of the primary specification of the interface. Clarification: This is issue 3178H. This comment is in reference to the AccessDecision Interface text, which can be found in section 2.3, page 2-12 of the draft Adopted Specification. Proposed resolution: Add the word "singleton" before the word object in the first sentence of section 2.3, page 2-12. "The singleton Access Decision object..." _________________________________________________________ Carol Burt 2AB, Inc. cburt@2ab.com www.2ab.com 205-621-7455 ext 103 Member, OMG Architecture Board OMG Domain Member _________________________________________________________ "Solutions for Distributed Business (SM)" From: "Chris White" To: "Carol Burt" , Subject: RE: [RAD-FTF Issue 3178E, F, G1] Proposed resolution Date: Thu, 10 Aug 2000 09:20:11 -0400 Message-ID: MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) Importance: Normal In-Reply-To: <4.3.2.7.2.20000809202933.00b62da8@mindspring.com> X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6600 Content-Type: text/plain; charset="iso-8859-1" X-UIDL: UF(!!N4=!!j7He9dGA!! Ok. -----Original Message----- From: Carol Burt [mailto:cburt@2ab.com] Sent: Wednesday, August 09, 2000 10:19 PM To: rad-ftf@omg.org Subject: [RAD-FTF Issue 3178E, F, G1] Proposed resolution Issue 3178E states: [FTF] Grammar Clarification: This is issue 3178E. This is in reference to the following sentence under InvalidPolicyEvaluatorList: "first_invalid_element is first named policy evalautor in the invalid list which caused the list to be invalid." This can be found in section 2.2.5 Exceptions, page 2-11 of the draft Adopted Specification. Issue 3178F states: [Errata] Instead of "in the invalid list" shouldn't this be "in the PolicyNameList" ? Clarification: This is issue 3178F and references the same sentence in 3178E. Issue 3178G states: Same comment as #35 above Clarification: This is issue 3178G1. KB replied with the same comment as above. Proposed resolution to all: change referenced statement to read "first_invalid_element is the first named policy evaluator in the PolicyNameList which caused the list to be invalid." _________________________________________________________ Carol Burt 2AB, Inc. cburt@2ab.com www.2ab.com 205-621-7455 ext 103 Member, OMG Architecture Board OMG Domain Member _________________________________________________________ "Solutions for Distributed Business (SM)" From: "Chris White" To: "Carol Burt" , Subject: RE: [RAD-FTF Issue 3178H] Proposed resolution Date: Thu, 10 Aug 2000 09:20:42 -0400 Message-ID: MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) Importance: Normal In-Reply-To: <4.3.2.7.2.20000809212759.00b33df8@mindspring.com> X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6600 Content-Type: text/plain; charset="iso-8859-1" X-UIDL: #RI!!k:Ie9&G%"!L0X!! Ok. -----Original Message----- From: Carol Burt [mailto:cburt@2ab.com] Sent: Wednesday, August 09, 2000 10:34 PM To: rad-ftf@omg.org Subject: [RAD-FTF Issue 3178H] Proposed resolution Issue 3178H states: Elsewhere it was stated that this interface is a singleton. That should be stated here, the site of the primary specification of the interface. Clarification: This is issue 3178H. This comment is in reference to the DynamicAttributeService Interface text, which can be found in section 2.4, page 2-13 of the draft Adopted Specification. Proposed resolution: change the first sentence in section 2.13 to begin: "The singleton DynamicAttributeService..." _________________________________________________________ Carol Burt 2AB, Inc. cburt@2ab.com www.2ab.com 205-621-7455 ext 103 Member, OMG Architecture Board OMG Domain Member _________________________________________________________ "Solutions for Distributed Business (SM)" X-Sender: carolbrt@mindspring.com X-Mailer: QUALCOMM Windows Eudora Version 4.3.2 Date: Thu, 10 Aug 2000 14:19:24 -0500 To: rad-ftf@omg.org, "Chris White" From: Carol Burt Subject: RE: [RAD-FTF Issue 3178D] Proposed resolution In-Reply-To: References: <4.3.2.7.2.20000809202542.00b5d858@mindspring.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed X-UIDL: hU=!!*-bd9dP(!!;$4e9 Hi, Yes. that is issue 3255 and I happen to think this is a good idea... I was responding to the error as noted so we can close this one to change it to match the IDL and then change it back if people agree, or we can link these two errors... I take this to mean that you approve in the change of exception names? Carol At 09:20 AM 8/10/2000 -0400, you wrote: Wasn't there another issue that suggested changing the IDL to use the RAD prefix to avoid clashes with names of Java classes? -----Original Message----- From: Carol Burt [mailto:cburt@2ab.com] Sent: Wednesday, August 09, 2000 9:49 PM To: rad-ftf@omg.org Subject: [RAD-FTF Issue 3178D] Proposed resolution Issue 3178D states: [Errata] Fatal rather than RadFatal, according to the IDL references "If the ComponentError is RadFatal, the AccessDecision object must determine if it can continue to process without the component." [Errata] InternalError rathan RadInternalError, according to the IDL. references "If it cannot, it must throw a RadInternalError." [Errata] Fatal rather than RadFatal, according to the IDL references "with RadFatal." Clarification: This is issue 3178D. All three of these comments are related to text found under ComponentError in section 2.2.5 Exceptions, on page 2-10 of the draft Adopted Specification. Proposed resolution: Accept. Make the text match the names in the IDL. _________________________________________________________ Carol Burt 2AB, Inc. cburt@2ab.com www.2ab.com 205-621-7455 ext 103 Member, OMG Architecture Board OMG Domain Member _________________________________________________________ "Solutions for Distributed Business (SM)" _________________________________________________________ Carol Burt 2AB, Inc. cburt@2ab.com www.2ab.com 205-621-7455 ext 103 Member, OMG Architecture Board OMG Domain Member _________________________________________________________ "Solutions for Distributed Business (SM)" X-Sender: carolbrt@mindspring.com X-Mailer: QUALCOMM Windows Eudora Version 4.3.2 Date: Thu, 10 Aug 2000 20:57:58 -0500 To: rad-ftf@omg.org From: Carol Burt Subject: [RAD-FTF Issue 3178H3] Proposed resolution Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed X-UIDL: CM#!!jJfd9%aEe9c^4e9 Issue 3178H3 states: Elsewhere it was stated that this interface is a singleton. That should be stated here, the site of the primary specification of the interface. Clarification: This is issue 3178H3. This comment is in reference to the PolicyEvaluatorLocator Interface text, which can be found in section 2.5, page 2-14 of the draft Adopted Specification. Proposed resolution: Change the first sentence in 2.5 to begin "The singleton PolicyEvaluatorLocator..." _________________________________________________________ Carol Burt 2AB, Inc. cburt@2ab.com www.2ab.com 205-621-7455 ext 103 Member, OMG Architecture Board OMG Domain Member _________________________________________________________ "Solutions for Distributed Business (SM)" X-Sender: carolbrt@mindspring.com X-Mailer: QUALCOMM Windows Eudora Version 4.3.2 Date: Thu, 10 Aug 2000 21:03:40 -0500 To: rad-ftf@omg.org From: Carol Burt Subject: [RAD-FTF Issue 3178G3] Proposed Resolution Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed X-UIDL: )DH!!4;j!!6Kgd9Qdcd9 Issue 3178G3 states: Grammar Clarification: This is issue 3178G3. This comment is in reference to the following sentence under get_dynamic_attributes(): "The service may add or remove SecAttributes to this list." This can be found in section 2.4, page 2-14 of the draft Adopted Specification. Proposed resolution: Change the text to read "The service may add SecAttributes to this list, or remove SecAttributes from this list." _________________________________________________________ Carol Burt 2AB, Inc. cburt@2ab.com www.2ab.com 205-621-7455 ext 103 Member, OMG Architecture Board OMG Domain Member _________________________________________________________ "Solutions for Distributed Business (SM)" X-Sender: carolbrt@mindspring.com X-Mailer: QUALCOMM Windows Eudora Version 4.3.2 Date: Thu, 10 Aug 2000 21:16:32 -0500 To: rad-ftf@omg.org From: Carol Burt Subject: [RAD-FTF Issue 3178G4] Proposed Resolution Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed X-UIDL: ,5[!!70$!!c~Oe9_Y`d9 Issue 3178G4 states: ] Grammar Clarification: This is issue 3178G4. This comment is in reference to following sentence found under get_policy_decision_evaluators(): "A PolicyDecisionEvaluators structure, which contains a list of NamedPolicyEvaluator consisting of the names of the PolicyEvaluators and their object references, and the DecisionCombinator object reference for the resource is returned to the client." This can be found in section 2.5, page 2-15 of the draft Adopted Specification. Proposed Resolution: Remove the sentence and replace it with the following "A PolicyDecisionEvaluators structure is returned to the client. A PolicyDecisionEvaluators structure contains a PolicyEvaluatorList and the DecisionCombinator." _________________________________________________________ Carol Burt 2AB, Inc. cburt@2ab.com www.2ab.com 205-621-7455 ext 103 Member, OMG Architecture Board OMG Domain Member _________________________________________________________ "Solutions for Distributed Business (SM)" X-Sender: carolbrt@mindspring.com X-Mailer: QUALCOMM Windows Eudora Version 4.3.2 Date: Thu, 10 Aug 2000 21:23:46 -0500 To: rad-ftf@omg.org From: Carol Burt Subject: [RAD-FTF Issue 3178K] Proposed Resolution Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed X-UIDL: SScd9ni)e9`N`d9GT%!! Issue 3178K states: Oddly phrased. Seems more appropriate for the bulk of this to be re-cast as a postcondition. Clarification: This is issue 3178K. This comment is in reference to the following sentence found under get_policy_decision_evaluators(): "A PolicyDecisionEvaluators structure, which contains a list of NamedPolicyEvaluator consisting of the names of the PolicyEvaluators and their object references, and the DecisionCombinator object reference for the resource is returned to the client." This can be found in section 2.5, page 2-15 of the draft Adopted Specification. Proposed Resolution: This is resolved by the proposed resolution to issue 3178G4 (same sentence). _________________________________________________________ Carol Burt 2AB, Inc. cburt@2ab.com www.2ab.com 205-621-7455 ext 103 Member, OMG Architecture Board OMG Domain Member _________________________________________________________ "Solutions for Distributed Business (SM)" X-Sender: carolbrt@mindspring.com X-Mailer: QUALCOMM Windows Eudora Version 4.3.2 Date: Thu, 10 Aug 2000 21:29:36 -0500 To: rad-ftf@omg.org From: Carol Burt Subject: [RAD-FTF] Issue 3178G5 Proposed Resolution Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed X-UIDL: 5W+!!+M]d9#%3!!RQ1!! Issue 3178G5 states: Grammar Reply: This is issue 3178G. This comment is in reference to the following sentence found in the text directly beneath the DecisionCombinator interface idl: "The DecisionCombinator interface is used to encapsulate the policy for the way that decisions of multiple PolicyEvaluators is combined." This can be found in section 2.6, page 2-15 of the draft Adopted Specification. Proposed resolution: Change the sentence to read: "The DecisionCombinator interface is used to encapsulate a policy for combining decisions of multiple consulted PolicyEvaluators that may disagree." _________________________________________________________ Carol Burt 2AB, Inc. cburt@2ab.com www.2ab.com 205-621-7455 ext 103 Member, OMG Architecture Board OMG Domain Member _________________________________________________________ "Solutions for Distributed Business (SM)" X-Sender: carolbrt@mindspring.com X-Mailer: QUALCOMM Windows Eudora Version 4.3.2 Date: Thu, 10 Aug 2000 21:36:23 -0500 To: rad-ftf@omg.org From: Carol Burt Subject: [RAD-FTF Issue 3178L] Proposed Resolution Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed X-UIDL: USX!!,)T!!0a)e9FNUd9 Issue 3178L states: It should be possible to state a postcondition here, as is done for the access_allowed( ) and evaluate( ) operations. Clarification: This is issue 3178L. This is in reference to the statement that there are no postconditions for combine_decisions. This can be found in section 2.6, page 2-17 of the draft Adopted Specification. Proposed Resolution: No Change. The return from the operation is a boolean. There were no issues for implementors that no postcondition was stated. _________________________________________________________ Carol Burt 2AB, Inc. cburt@2ab.com www.2ab.com 205-621-7455 ext 103 Member, OMG Architecture Board OMG Domain Member _________________________________________________________ "Solutions for Distributed Business (SM)" X-Sender: carolbrt@mindspring.com X-Mailer: QUALCOMM Windows Eudora Version 4.3.2 Date: Thu, 10 Aug 2000 21:40:01 -0500 To: rad-ftf@omg.org From: Carol Burt Subject: [RAD-FTF Issue 3178M] Proposed Resolution Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed X-UIDL: AP>!!$pZ!!GL~!!+1;e9 Issue 3178M states: Why aren't these four operations modeled as two attributes? Reply: This is issue 3178M. This is in reference to AccessDecisionAdmin interface. This can be found in section 2.8, page 2-18 of the draft Adopted Specification. Proposed Resolution: Non a issue. No change. _________________________________________________________ Carol Burt 2AB, Inc. cburt@2ab.com www.2ab.com 205-621-7455 ext 103 Member, OMG Architecture Board OMG Domain Member _________________________________________________________ "Solutions for Distributed Business (SM)" X-Sender: carolbrt@mindspring.com X-Mailer: QUALCOMM Windows Eudora Version 4.3.2 Date: Thu, 10 Aug 2000 21:43:12 -0500 To: rad-ftf@omg.org From: Carol Burt Subject: [RAD-FTF Issue 3178K2] Proposed Resolution Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed X-UIDL: ;4Q!!Z'Ke9k2m!!,mjd9 Issue 3178K2 states: The rules in these two sentences could (and probably should) be framed as postconditions for get_policy_decision_evaluators. Clarification: This is issue 3178K2. This comment is in reference to the following sentence under set_default_evaluators: "Default evaluators are overridden by the add_evaluators() or replace_evaluators() methods. The default evaluators will be returned by the PolicyEvaluatorLocator get_policy_decision_evaluators() method when no PolicyEvaluators have been explicitly assigned for a ResourceName." This can be found in section 2.8, page 2-20 of the draft Adopted Specification. Proposed Resolution: Not an issue for implementors. No change. _________________________________________________________ Carol Burt 2AB, Inc. cburt@2ab.com www.2ab.com 205-621-7455 ext 103 Member, OMG Architecture Board OMG Domain Member _________________________________________________________ "Solutions for Distributed Business (SM)" X-Sender: carolbrt@mindspring.com X-Mailer: QUALCOMM Windows Eudora Version 4.3.2 Date: Thu, 10 Aug 2000 21:46:36 -0500 To: rad-ftf@omg.org From: Carol Burt Subject: [RAD-FTF Issue 3178O] Proposed Resolution Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed X-UIDL: 95\d9AL/!!;kG!!L[8!! Issue 3178O states: This way of specifying the postcondition would be more rigorous if default_evaluators were formally defined as a role of PolicyEvaluationList in a relationship between PolicyEvaluatorLocator and PolicyEvaluationList. The relationship and role could be defined via UML notation or by textual means. This same approach could be applied to many of the postconditions that follow. Clarification: This is issue 3178O. This comment is in reference to the postcondition stated under set_default_evaluators, which can be found in section 2.8, page 2-20 of the draft Adopted Specification. Proposed resolution: Not an issue for implementors. No change. _________________________________________________________ Carol Burt 2AB, Inc. cburt@2ab.com www.2ab.com 205-621-7455 ext 103 Member, OMG Architecture Board OMG Domain Member _________________________________________________________ "Solutions for Distributed Business (SM)" X-Sender: carolbrt@mindspring.com X-Mailer: QUALCOMM Windows Eudora Version 4.3.2 Date: Fri, 11 Aug 2000 08:24:17 -0500 To: rad-ftf@omg.org From: Carol Burt Subject: [RAD-FTF Issue 3178H2] Proposed resolution Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed X-UIDL: 9p9!!S++e9FSNd922?!! The following was actually H2 (all Hx issues are ones that ask for a singleton word added in text... all Ex issues are those that are grammar). H3 coming up... Issue 3178H states: Elsewhere it was stated that this interface is a singleton. That should be stated here, the site of the primary specification of the interface. Clarification: This is issue 3178H. This comment is in reference to the DynamicAttributeService Interface text, which can be found in section 2.4, page 2-13 of the draft Adopted Specification. Proposed resolution: change the first sentence in section 2.13 to begin: "The singleton DynamicAttributeService..." _________________________________________________________ Carol Burt 2AB, Inc. cburt@2ab.com www.2ab.com 205-621-7455 ext 103 Member, OMG Architecture Board OMG Domain Member _________________________________________________________ "Solutions for Distributed Business (SM)" _________________________________________________________ Carol Burt 2AB, Inc. cburt@2ab.com www.2ab.com 205-621-7455 ext 103 Member, OMG Architecture Board OMG Domain Member _________________________________________________________ "Solutions for Distributed Business (SM)" _________________________________________________________ Carol Burt 2AB, Inc. cburt@2ab.com www.2ab.com 205-621-7455 ext 103 Member, OMG Architecture Board OMG Domain Member _________________________________________________________ "Solutions for Distributed Business (SM)" X-Sender: bburt@mindspring.com X-Mailer: Windows Eudora Pro Version 3.0 (32) Date: Fri, 11 Aug 2000 09:56:33 -0500 To: Carol Burt , rad-ftf@omg.org From: Bob Burt Subject: Re: [RAD-FTF Issue 3178H2] Proposed resolution Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" X-UIDL: np(!!NWj!!a4c!!02[!! Perhaps this is picky or perhaps I am wrong, but it seems to me that there is a difference between a Singleton (a class/interface that can create only one instance) and the fact that a service holds only one object reference for a given interface at any given time. AccesDecision/AccessDecisionAdmin might fit my definition of singleton, but DynamicAttributeService and PolicyEvaluatorLocator would not. At 08:24 AM 8/11/00 -0500, Carol Burt wrote: >The following was actually H2 (all Hx issues are ones that ask for a >singleton word added in text... all Ex issues are those that are >grammar). H3 coming up... > >>Issue 3178H states: Elsewhere it was stated that this interface is a >>singleton. That should be stated here, the site of the primary >>specification of the interface. >> >>Clarification: This is issue 3178H. This comment is in reference to the >>DynamicAttributeService Interface text, which can be found in section 2.4, >>page 2-13 of the draft Adopted Specification. >> >>Proposed resolution: change the first sentence in section 2.13 to >>begin: "The singleton DynamicAttributeService..." >>_________________________________________________________ >>Carol Burt 2AB, Inc. >>cburt@2ab.com www.2ab.com >>205-621-7455 ext 103 >>Member, OMG Architecture Board OMG Domain Member >>_________________________________________________________ >> "Solutions for Distributed Business (SM)" > >_________________________________________________________ >Carol Burt 2AB, Inc. >cburt@2ab.com www.2ab.com >205-621-7455 ext 103 >Member, OMG Architecture Board OMG Domain Member >_________________________________________________________ > "Solutions for Distributed Business (SM)" > > >_________________________________________________________ >Carol Burt 2AB, Inc. >cburt@2ab.com www.2ab.com >205-621-7455 ext 103 >Member, OMG Architecture Board OMG Domain Member >_________________________________________________________ > "Solutions for Distributed Business (SM)" > > From: "Chris White" To: "Carol Burt" , Subject: RE: [RAD-FTF Issue 3178H3] Proposed resolution Date: Fri, 11 Aug 2000 12:40:24 -0400 Message-ID: MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) In-Reply-To: <4.3.2.7.2.20000810205148.00b2a1c0@mindspring.com> Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6600 Content-Type: text/plain; charset="iso-8859-1" X-UIDL: )C;e9E?%e9a+8!!HdV!! OK -----Original Message----- From: Carol Burt [mailto:cburt@2ab.com] Sent: Thursday, August 10, 2000 9:58 PM To: rad-ftf@omg.org Subject: [RAD-FTF Issue 3178H3] Proposed resolution Issue 3178H3 states: Elsewhere it was stated that this interface is a singleton. That should be stated here, the site of the primary specification of the interface. Clarification: This is issue 3178H3. This comment is in reference to the PolicyEvaluatorLocator Interface text, which can be found in section 2.5, page 2-14 of the draft Adopted Specification. Proposed resolution: Change the first sentence in 2.5 to begin "The singleton PolicyEvaluatorLocator..." _________________________________________________________ Carol Burt 2AB, Inc. cburt@2ab.com www.2ab.com 205-621-7455 ext 103 Member, OMG Architecture Board OMG Domain Member _________________________________________________________ "Solutions for Distributed Business (SM)" From: "Chris White" To: "Carol Burt" , Subject: RE: [RAD-FTF Issue 3178K] Proposed Resolution Date: Fri, 11 Aug 2000 12:40:25 -0400 Message-ID: MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) In-Reply-To: <4.3.2.7.2.20000810211635.00b305e8@mindspring.com> Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6600 Content-Type: text/plain; charset="iso-8859-1" X-UIDL: W])!!dB)e9>d=e9D/&e9 OK -----Original Message----- From: Carol Burt [mailto:cburt@2ab.com] Sent: Thursday, August 10, 2000 10:24 PM To: rad-ftf@omg.org Subject: [RAD-FTF Issue 3178K] Proposed Resolution Issue 3178K states: Oddly phrased. Seems more appropriate for the bulk of this to be re-cast as a postcondition. Clarification: This is issue 3178K. This comment is in reference to the following sentence found under get_policy_decision_evaluators(): "A PolicyDecisionEvaluators structure, which contains a list of NamedPolicyEvaluator consisting of the names of the PolicyEvaluators and their object references, and the DecisionCombinator object reference for the resource is returned to the client." This can be found in section 2.5, page 2-15 of the draft Adopted Specification. Proposed Resolution: This is resolved by the proposed resolution to issue 3178G4 (same sentence). _________________________________________________________ Carol Burt 2AB, Inc. cburt@2ab.com www.2ab.com 205-621-7455 ext 103 Member, OMG Architecture Board OMG Domain Member _________________________________________________________ "Solutions for Distributed Business (SM)" From: "Chris White" To: "Carol Burt" , Subject: RE: [RAD-FTF] Issue 3178G5 Proposed Resolution Date: Fri, 11 Aug 2000 12:40:29 -0400 Message-ID: MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) In-Reply-To: <4.3.2.7.2.20000810212351.00b6f5a0@mindspring.com> Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6600 Content-Type: text/plain; charset="iso-8859-1" X-UIDL: f~nd9gEZ!!b)Oe9a8U!! OK -----Original Message----- From: Carol Burt [mailto:cburt@2ab.com] Sent: Thursday, August 10, 2000 10:30 PM To: rad-ftf@omg.org Subject: [RAD-FTF] Issue 3178G5 Proposed Resolution Issue 3178G5 states: Grammar Reply: This is issue 3178G. This comment is in reference to the following sentence found in the text directly beneath the DecisionCombinator interface idl: "The DecisionCombinator interface is used to encapsulate the policy for the way that decisions of multiple PolicyEvaluators is combined." This can be found in section 2.6, page 2-15 of the draft Adopted Specification. Proposed resolution: Change the sentence to read: "The DecisionCombinator interface is used to encapsulate a policy for combining decisions of multiple consulted PolicyEvaluators that may disagree." _________________________________________________________ Carol Burt 2AB, Inc. cburt@2ab.com www.2ab.com 205-621-7455 ext 103 Member, OMG Architecture Board OMG Domain Member _________________________________________________________ "Solutions for Distributed Business (SM)" From: "Chris White" To: "Carol Burt" , Subject: RE: [RAD-FTF Issue 3178G3] Proposed Resolution Date: Fri, 11 Aug 2000 12:40:30 -0400 Message-ID: MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) In-Reply-To: <4.3.2.7.2.20000810205848.00b31fb8@mindspring.com> Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6600 Content-Type: text/plain; charset="iso-8859-1" X-UIDL: :Q1!!P6pd9l(Xd9]l6e9 OK -----Original Message----- From: Carol Burt [mailto:cburt@2ab.com] Sent: Thursday, August 10, 2000 10:04 PM To: rad-ftf@omg.org Subject: [RAD-FTF Issue 3178G3] Proposed Resolution Issue 3178G3 states: Grammar Clarification: This is issue 3178G3. This comment is in reference to the following sentence under get_dynamic_attributes(): "The service may add or remove SecAttributes to this list." This can be found in section 2.4, page 2-14 of the draft Adopted Specification. Proposed resolution: Change the text to read "The service may add SecAttributes to this list, or remove SecAttributes from this list." _________________________________________________________ Carol Burt 2AB, Inc. cburt@2ab.com www.2ab.com 205-621-7455 ext 103 Member, OMG Architecture Board OMG Domain Member _________________________________________________________ "Solutions for Distributed Business (SM)" From: "Chris White" To: "Carol Burt" , Subject: RE: [RAD-FTF Issue 3178K2] Proposed Resolution Date: Fri, 11 Aug 2000 12:40:31 -0400 Message-ID: MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) In-Reply-To: <4.3.2.7.2.20000810214106.00b73390@mindspring.com> Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6600 Content-Type: text/plain; charset="iso-8859-1" X-UIDL: #o!!!WRO!!DRhd9=Hmd9 OK -----Original Message----- From: Carol Burt [mailto:cburt@2ab.com] Sent: Thursday, August 10, 2000 10:43 PM To: rad-ftf@omg.org Subject: [RAD-FTF Issue 3178K2] Proposed Resolution Issue 3178K2 states: The rules in these two sentences could (and probably should) be framed as postconditions for get_policy_decision_evaluators. Clarification: This is issue 3178K2. This comment is in reference to the following sentence under set_default_evaluators: "Default evaluators are overridden by the add_evaluators() or replace_evaluators() methods. The default evaluators will be returned by the PolicyEvaluatorLocator get_policy_decision_evaluators() method when no PolicyEvaluators have been explicitly assigned for a ResourceName." This can be found in section 2.8, page 2-20 of the draft Adopted Specification. Proposed Resolution: Not an issue for implementors. No change. _________________________________________________________ Carol Burt 2AB, Inc. cburt@2ab.com www.2ab.com 205-621-7455 ext 103 Member, OMG Architecture Board OMG Domain Member _________________________________________________________ "Solutions for Distributed Business (SM)" From: "Chris White" To: "Carol Burt" , Subject: RE: [RAD-FTF Issue 3178O] Proposed Resolution Date: Fri, 11 Aug 2000 12:40:32 -0400 Message-ID: MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) In-Reply-To: <4.3.2.7.2.20000810214337.00b49958@mindspring.com> Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6600 Content-Type: text/plain; charset="iso-8859-1" X-UIDL: Tg3!!+:b!!<)9!!-*"!! OK -----Original Message----- From: Carol Burt [mailto:cburt@2ab.com] Sent: Thursday, August 10, 2000 10:47 PM To: rad-ftf@omg.org Subject: [RAD-FTF Issue 3178O] Proposed Resolution Issue 3178O states: This way of specifying the postcondition would be more rigorous if default_evaluators were formally defined as a role of PolicyEvaluationList in a relationship between PolicyEvaluatorLocator and PolicyEvaluationList. The relationship and role could be defined via UML notation or by textual means. This same approach could be applied to many of the postconditions that follow. Clarification: This is issue 3178O. This comment is in reference to the postcondition stated under set_default_evaluators, which can be found in section 2.8, page 2-20 of the draft Adopted Specification. Proposed resolution: Not an issue for implementors. No change. _________________________________________________________ Carol Burt 2AB, Inc. cburt@2ab.com www.2ab.com 205-621-7455 ext 103 Member, OMG Architecture Board OMG Domain Member _________________________________________________________ "Solutions for Distributed Business (SM)" From: "Chris White" To: "Carol Burt" , Subject: RE: [RAD-FTF Issue 3178G4] Proposed Resolution Date: Fri, 11 Aug 2000 12:40:33 -0400 Message-ID: MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) In-Reply-To: <4.3.2.7.2.20000810210439.00b6f4a0@mindspring.com> Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6600 Content-Type: text/plain; charset="iso-8859-1" X-UIDL: U#d!!-LIe9o[j!!fWIe9 OK -----Original Message----- From: Carol Burt [mailto:cburt@2ab.com] Sent: Thursday, August 10, 2000 10:17 PM To: rad-ftf@omg.org Subject: [RAD-FTF Issue 3178G4] Proposed Resolution Issue 3178G4 states: ] Grammar Clarification: This is issue 3178G4. This comment is in reference to following sentence found under get_policy_decision_evaluators(): "A PolicyDecisionEvaluators structure, which contains a list of NamedPolicyEvaluator consisting of the names of the PolicyEvaluators and their object references, and the DecisionCombinator object reference for the resource is returned to the client." This can be found in section 2.5, page 2-15 of the draft Adopted Specification. Proposed Resolution: Remove the sentence and replace it with the following "A PolicyDecisionEvaluators structure is returned to the client. A PolicyDecisionEvaluators structure contains a PolicyEvaluatorList and the DecisionCombinator." _________________________________________________________ Carol Burt 2AB, Inc. cburt@2ab.com www.2ab.com 205-621-7455 ext 103 Member, OMG Architecture Board OMG Domain Member _________________________________________________________ "Solutions for Distributed Business (SM)" From: "Chris White" To: "Carol Burt" , Subject: RE: [RAD-FTF Issue 3178L] Proposed Resolution Date: Fri, 11 Aug 2000 12:42:23 -0400 Message-ID: MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) In-Reply-To: <4.3.2.7.2.20000810212939.00b6f960@mindspring.com> Importance: Normal X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6600 Content-Type: text/plain; charset="iso-8859-1" X-UIDL: (e>!!!:[d9Gg/e9lX]!! OK -----Original Message----- From: Carol Burt [mailto:cburt@2ab.com] Sent: Thursday, August 10, 2000 10:36 PM To: rad-ftf@omg.org Subject: [RAD-FTF Issue 3178L] Proposed Resolution Issue 3178L states: It should be possible to state a postcondition here, as is done for the access_allowed( ) and evaluate( ) operations. Clarification: This is issue 3178L. This is in reference to the statement that there are no postconditions for combine_decisions. This can be found in section 2.6, page 2-17 of the draft Adopted Specification. Proposed Resolution: No Change. The return from the operation is a boolean. There were no issues for implementors that no postcondition was stated. _________________________________________________________ Carol Burt 2AB, Inc. cburt@2ab.com www.2ab.com 205-621-7455 ext 103 Member, OMG Architecture Board OMG Domain Member _________________________________________________________ "Solutions for Distributed Business (SM)" X-Authentication-Warning: marcy.adiron.com: polar owned process doing -bs Date: Fri, 11 Aug 2000 14:54:34 -0400 (EDT) From: Polar Humenn To: Chris White cc: Carol Burt , rad-ftf@omg.org Subject: RE: [RAD-FTF Issue 3178K2] Proposed Resolution In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-UIDL: S4/!!i?Vd9W73!!MID!! Okay on this one, but I do think you should change the words "method[s]" to "operation[s]" in keeping with CORBA terminology. -Polar On Fri, 11 Aug 2000, Chris White wrote: > OK > > -----Original Message----- > From: Carol Burt [mailto:cburt@2ab.com] > Sent: Thursday, August 10, 2000 10:43 PM > To: rad-ftf@omg.org > Subject: [RAD-FTF Issue 3178K2] Proposed Resolution > > > Issue 3178K2 states: The rules in these two sentences could (and > probably > should) be framed as postconditions for > get_policy_decision_evaluators. > > Clarification: This is issue 3178K2. This comment is in reference > to the > following sentence under set_default_evaluators: "Default evaluators > are > overridden by the add_evaluators() or replace_evaluators() methods. > The > default evaluators will be returned by the PolicyEvaluatorLocator > get_policy_decision_evaluators() method when no PolicyEvaluators > have been > explicitly assigned for a ResourceName." This can be found in > section 2.8, > page 2-20 of the draft Adopted Specification. > > Proposed Resolution: Not an issue for implementors. No change. > _________________________________________________________ > Carol Burt 2AB, Inc. > cburt@2ab.com www.2ab.com > 205-621-7455 ext 103 > Member, OMG Architecture Board OMG Domain Member > _________________________________________________________ > "Solutions for Distributed Business (SM)" ------------------------------------------------------------------- Polar Humenn Adiron, LLC mailto:polar@adiron.com 2-212 CST Phone: 315-443-3171 Syracuse, NY 13244-4100 Fax: 315-443-4745 http://www.adiron.com X-Sender: carolbrt@mindspring.com X-Mailer: QUALCOMM Windows Eudora Version 4.3.2 Date: Sat, 12 Aug 2000 13:30:30 -0500 To: rad-ftf@omg.org From: Carol Burt Subject: [RAD-FTF Issue 3178P] Proposed resolution Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed X-UIDL: 4 Subject: [RAD-FTF Issue 3178K3] Proposed resolution Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed X-UIDL: @[p!!cf,!!odXd9hcod9 Issue 3178K3 states: This rule should probably be framed as a postcondition for get_policy_decision_evaluators. Clarification: This is issue 3178K3. This comment is in reference to the following sentence found under set_default_combinator: "This combinator will be returned by the PolicyEvaluatorLocator get_policy_decision_evaluators() method for these resources. This can be found in section 2.8, page 2-20 of the draft Adopted Specification. Proposed Resolution: This was not an issue for implementors. Reject request to frame as a postcondition. Change, however, the sentence to read: "This combinator will be returned by the PolicyEvaluatorLocator get_policy_decision_evaluators() operation for these resources." _________________________________________________________ Carol Burt