Re: [media-types] Fwd: New Version Notification for draft-sinnema-xacml-media-type-05.txt

Erik Wilde <dret@berkeley.edu> Tue, 16 July 2013 11:09 UTC

Message-ID: <51E529CB.9010309@berkeley.edu>
Date: Tue, 16 Jul 2013 13:08:59 +0200
From: Erik Wilde <dret@berkeley.edu>
To: "Martin J. Dürst" <duerst@it.aoyama.ac.jp>, media-types@ietf.org
References: <20130618163623.21184.36942.idtracker@ietfa.amsl.com> <51DC0C8F.30804@berkeley.edu> <51E50F98.1030603@it.aoyama.ac.jp>
In-Reply-To: <51E50F98.1030603@it.aoyama.ac.jp>
Cc: Rémon Sinnema <remon.sinnema@emc.com>, Nevil Brownlee <rfc-ise@rfc-editor.org>
Subject: Re: [media-types] Fwd: New Version Notification for draft-sinnema-xacml-media-type-05.txt

On 2013-07-16 11:17, "Martin J. Dürst" wrote:
> Please send the registration template, not just a reference to the
> document. This will significantly increase your chance to get review
> comments.

thanks for the tip! here's the registration template from the draft 
(yes, it's a long one...), feedback or comments very welcome!

2.  IANA Considerations

    This specification registers an XML-based media type for the
    eXtensible Access Control Markup Language (XACML) that will be
    registered with the Internet Assigned Numbers Authority (IANA)
    following the "Media Type Specifications and Registration Procedures"
    [RFC6838].  The XACML media type represents an XACML request,
    response, or policy in the XML-based format defined by the core XACML
    specification [XACML-3].

2.1.  XACML Media Type application/xacml+xml

    This specification requests the registration of an XML-based media
    type for the eXtensible Access Control Markup Language (XACML).

2.1.1.  Media Type Name

    application

2.1.2.  Subtype Name

    xacml+xml

2.1.3.  Required Parameters

    none

2.1.4.  Optional Parameters

    charset: The charset parameter is the same as the charset parameter
    of application/xml [RFC3023].

    version: The version parameter indicates the version of the XACML
    specification.  It can be used for content negotiation when dealing
    with clients and servers that support multiple XACML versions.  Its
    range is the range of published XACML versions.  As of this writing
    that is: 1.0 [XACML-1], 1.1 [XACML-1.1], 2.0 [XACML-2], and 3.0
    [XACML-3].  These and future version identifiers consist of a series
    of non-negative decimal numbers with no leading zeros separated by
    dots, where the first decimal must be positive.  If this parameter is
    not specified by the client, the server is free to return any version
    it deems fit.  If a client cannot or does not want to deal with that,
    it should explicitly specify a version.

2.1.5.  Encoding Considerations

    Same as for application/xml [RFC3023].

2.1.6.  Security Considerations

    Per their specification, application/xacml+xml typed objects do not
    contain executable content.  However, these objects are XML-based,
    and thus they have all of the general security considerations
    presented in section 10 of RFC 3023 [RFC3023].

    XACML [XACML-3] contains information whose integrity and authenticity
    is important - identity provider and service provider public keys and
    endpoint addresses, for example.  Sections "9.2.1 Authentication" and
    "9.2.4 Policy Integrity" in XACML [XACML-3] describe requirements and
    considerations for such authentication and integrity protection.

    To counter potential issues, the publisher may sign
    application/xacml+xml typed objects.  Any such signature should be
    verified by the recipient of the data - both as a valid signature,
    and as being the signature of the publisher.  The XACML v3.0 XML
    Digital Signature Profile [XACML-3-DSig] describes how to use
    XML-based digital signatures with XACML.

    Additionally, various of the possible publication protocols, for
    example HTTPS, offer means for ensuring the authenticity of the
    publishing party and for protecting the policy in transit.

2.1.7.  Interoperability Considerations

    Different versions of XACML use different XML namespace URIs:

    o  1.0 & 1.1 use the urn:oasis:names:tc:xacml:1.0:policy XML
       namespace URI for policies, and the
       urn:oasis:names:tc:xacml:1.0:context XML namespace URI for
       requests and responses

    o  2.0 uses the urn:oasis:names:tc:xacml:2.0:policy XML namespace URI
       for policies, and the urn:oasis:names:tc:xacml:2.0:context XML
       namespace URI for requests and responses

    o  3.0 uses the urn:oasis:names:tc:xacml:3.0:core:schema:wd-17 XML
       namespace URI for policies, requests, and responses

    Signed XACML has a wrapping SAML 2.0 assertion [SAML-2], which uses
    the urn:oasis:names:tc:SAML:2.0:assertion namespace URI.
    Interoperability with SAML is defined by the SAML 2.0 Profile of
    XACML [XACML-3-SAML] for all versions of XACML.

2.1.8.  Applications which use this media type

    Potentially any application implementing or using XACML, as well as
    those applications implementing or using specifications based on
    XACML.

2.1.9.  Magic number(s)

    In general, the same as for application/xml [RFC3023].  In
    particular, the XML document element of the returned object will be
    one of xacml:Policy, xacml:PolicySet, context:Request, or
    context:Response.  The xacml and context prefixes differ for the
    various versions of XACML as follows:

    o  1.0 & 1.1: The xacml prefix maps to
       urn:oasis:names:tc:xacml:1.0:policy, the context prefix maps to
       urn:oasis:names:tc:xacml:1.0:context

    o  2.0: The xacml prefix maps to urn:oasis:names:tc:xacml:2.0:policy,
       the context prefix maps to urn:oasis:names:tc:xacml:2.0:context

    o  3.0: Both the xacml and context prefixes map to the namespace URI
       urn:oasis:names:tc:xacml:3.0:core:schema:wd-17

    For signed XACML [XACML-3-DSig], the XML document element is
    saml:Assertion, where the saml prefix maps to the SAML 2.0 namespace
    URI urn:oasis:names:tc:SAML:2.0:assertion [SAML-2].

2.1.10.  File extension(s)

    none

2.1.11.  Macintosh File Type Code(s)

    none

2.1.12.  Person & email address to contact for further information

    This registration is made on behalf of the OASIS eXtensible Access
    Control Markup Language Technical Committee (XACMLTC).  Please refer
    to the XACMLTC website for current information on committee
    chairperson(s) and their contact addresses:
    http://www.oasis-open.org/committees/xacml/.  Committee members
    should submit comments and potential errata to the
    xacml@lists.oasis-open.org list.  Others should submit them by
    filling out the web form located at
    http://www.oasis-open.org/committees/comments/form.php?wg_abbrev=xacml.

    Additionally, the XACML developer community email distribution list,
    xacml-dev@lists.oasis-open.org, may be employed to discuss usage of
    the application/xacml+xml MIME media type.  The xacml-dev mailing
    list is publicly archived here:
    http://www.oasis-open.org/archives/xacml-dev/.  To post to the
    xacml-dev mailing list, one must subscribe to it.  To subscribe, visit
    the OASIS mailing list page at http://www.oasis-open.org/mlmanage/.

2.1.13.  Intended Usage

    Common

2.1.14.  Author/Change Controller

    The XACML specification sets are a work product of the OASIS
    eXtensible Access Control Markup Language Technical Committee
    (XACMLTC).  OASIS and the XACMLTC have change control over the XACML
    specification sets.


> On 2013/07/09 22:13, Erik Wilde wrote:
>> we have been advised that proposals for new media types should be
>> announced on media-types@ietf.org. attached please find our proposal for
>> an "eXtensible Access Control Markup Language (XACML) XML Media Type".
>> any feedback or comments would be greatly appreciated.
>>
>> thanks and kind regards,
>>
>> erik wilde | mailto:dret@berkeley.edu - tel:+1-510-2061079 |
>> | UC Berkeley - School of Information (ISchool) |
>> | http://dret.net/netdret http://twitter.com/dret |
>>
>> -------- Original Message --------
>> Subject: New Version Notification for
>> draft-sinnema-xacml-media-type-05.txt
>> Date: Tue, 18 Jun 2013 12:36:23 -0400
>> From: internet-drafts@ietf.org <internet-drafts@ietf.org>
>>
>> A new version of I-D, draft-sinnema-xacml-media-type-05.txt
>> has been successfully submitted by Remon Sinnema and posted to the
>> IETF repository.
>>
>> Filename: draft-sinnema-xacml-media-type
>> Revision: 05
>> Title: eXtensible Access Control Markup Language (XACML) XML Media Type
>> Creation date: 2013-06-18
>> Group: Individual Submission
>> Number of pages: 9
>> URL: http://www.ietf.org/internet-drafts/draft-sinnema-xacml-media-type-05.txt
>> Status: http://datatracker.ietf.org/doc/draft-sinnema-xacml-media-type
>> Htmlized: http://tools.ietf.org/html/draft-sinnema-xacml-media-type-05
>> Diff: http://www.ietf.org/rfcdiff?url2=draft-sinnema-xacml-media-type-05
>>
>> Abstract:
>> This specification registers an XML-based media type for the
>> eXtensible Access Control Markup Language (XACML).
>>
>> Note to Readers
>>
>> This draft should be discussed on the apps-discuss mailing list [1].
>> Online access to all versions and files is available on github [2].

thanks and cheers,

dret.

-- 
erik wilde | mailto:dret@berkeley.edu  -  tel:+1-510-2061079 |
            | UC Berkeley  -  School of Information (ISchool) |
            | http://dret.net/netdret http://twitter.com/dret |
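As an added example (not part of this thread or of the draft), the checks a client could make on a response using the template above: the version parameter is validated against the grammar in 2.1.4, and the document element is matched against the namespace table from 2.1.7 and 2.1.9, accepting any registered version when the client sent no version parameter (the template lets the server pick one). The function names, the constructed sample header and body, and the stdlib XML parser are my assumptions, not anything the draft specifies.

```python
import re
from xml.etree import ElementTree as ET

XACML_NS = {  # (policy namespace, context namespace) per version, from the template
    "1.0": ("urn:oasis:names:tc:xacml:1.0:policy", "urn:oasis:names:tc:xacml:1.0:context"),
    "2.0": ("urn:oasis:names:tc:xacml:2.0:policy", "urn:oasis:names:tc:xacml:2.0:context"),
    "3.0": ("urn:oasis:names:tc:xacml:3.0:core:schema:wd-17",) * 2,
}
XACML_NS["1.1"] = XACML_NS["1.0"]  # 1.1 reuses the 1.0 namespaces
SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"  # wrapper element for signed XACML
# version parameter grammar (2.1.4): dot-separated non-negative decimals,
# no leading zeros, first component positive.
VERSION_RE = re.compile(r"^[1-9][0-9]*(?:\.(?:0|[1-9][0-9]*))*$")

def parse_content_type(header):
    """Split 'type/subtype; k=v; ...' into (media type, {param: value})."""
    mtype, _, rest = header.partition(";")
    params = {}
    for p in filter(None, (x.strip() for x in rest.split(";"))):
        k, _, v = p.partition("=")
        params[k.strip().lower()] = v.strip().strip('"')
    return mtype.strip().lower(), params

def expected_roots(version=None):
    """Acceptable qualified document elements -> object kind (any version if None)."""
    if version is not None and not VERSION_RE.match(version):
        raise ValueError("version %r violates the registered grammar" % version)
    roots = {"{%s}Assertion" % SAML_NS: "signed"}  # signed XACML [XACML-3-DSig]
    for v in ([version] if version else XACML_NS):
        if v not in XACML_NS:
            raise ValueError("unknown XACML version %r" % v)
        pol, ctx = XACML_NS[v]
        roots.update({"{%s}Policy" % pol: "policy", "{%s}PolicySet" % pol: "policyset",
                      "{%s}Request" % ctx: "request", "{%s}Response" % ctx: "response"})
    return roots

def classify(header, body):
    """Check Content-Type and document element of a response; return the object kind."""
    mtype, params = parse_content_type(header)
    if mtype != "application/xacml+xml":
        raise ValueError("not an XACML object: %s" % mtype)
    roots = expected_roots(params.get("version"))
    root = ET.fromstring(body)  # stdlib parser; does not fetch external entities
    if root.tag not in roots:
        raise ValueError("unexpected document element %s" % root.tag)
    return roots[root.tag]

# Constructed sample (not from the draft): a 3.0 request with the charset set.
SAMPLE_HEADER = 'application/xacml+xml; version=3.0; charset="UTF-8"'
SAMPLE_BODY = b'<Request xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"/>'
```

A mismatch between the negotiated version and the namespace actually returned (for instance a 1.0 context element under version=3.0) is rejected rather than silently processed.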