> > 1) XACML policies will be stored as Fedora Objects with a
> > specified content model and PID namespace
>
> I am curious - what is the motivation for specifying a PID namespace
> dedicated to policies? We don't use special namespaces
> differentiating SDeps, SDefs, or CModels - cmodels are sufficient for
> that. We have used a specific namespace such as 'fedora-system' in the
> past to denote core objects (such as the foundational CModels) that are
> introduced into the repository upon bootstrap. I think that convention
> would also be a valid approach for policies, unless I am missing
> something. I am worried that prescribing a single namespace for all
> policies might be unnecessarily restrictive.

It certainly shouldn't be prescriptive. This relates more to the policy manager service which is not exposed in FeSL - so what PID to use when generating new policy objects. It wouldn't be used to differentiate between (for instance) policy objects and other objects. There will be some bootstrap policies - so this namespace would apply to those.

I guess the config parameter should have a "blank" option - equivalent to calling getNextPID without specifying a namespace.

> > config-pdm-fedora.xml (new file):
> > - content model for Policy objects
> > - datastream identifier for XACML policy datastreams (POLICY)
> > - PID namespace for policy objects (policy:)
>
> Regarding the datastream identifier for XACML policies - does that refer
> to 'local' policies that are specified at the object level (e.g. the
> presence of a datastream matching the configured value (e.g. POLICY) in
> any object means that the policy therein applies to that specific
> object)

Actually I was thinking of policies as stand-alone objects, rather than also having POLICY datastreams in "conventional" Fedora objects, so that parameter was to identify which datastream contains the XACML. I'd be interested in hearing if there's much demand for having policy datastreams within data objects.

_______________________________________________
Fedora-commons-developers mailing list
https://lists.sourceforge.net/lists/listinfo/fedora-commons-developers
