Obviously there will be some scope issues with each of these areas,
although I'm not yet convinced that "scopes" are first-class
objects in their own right.
From the consent framework, section 3:
SCOPE combination of SCOPE RULES defining how CONSENT POLICIES are
shared
SCOPE RULES rules defining how CONSENT POLICIES are shared
Thanks for the reminder.
The question is whether SCOPE and SCOPE RULES are independent, or are
they just specific examples of CONSENT RULES and POLICIES.
It's tempting to think that "scope" is merely an attribute of a rule,
rather than an entity in its own right.
If scope were a simple value then I don't see what attributes
it could have, other than being "local", "shareable" or whatever
value the scope has. (I invented these labels at random, I'm not
claiming they're good suggestions, just examples that came to mind
at the time)
It's a common design principle that anything which has only one
attribute (i.e. its value) is not considered to be a separate entity
but is instead a flat "primitive" attribute of something else.
I'd suggest that (for the sake of simplicity) unless anyone can
demonstrate that a scope has additional attributes of its own, then
why not make scope part of a rule or policy definition?
A nice example of this use of scope was Jon Kyme's example of a
consent schema:
https://www1.ietf.org/mail-archive/working-groups/asrg/current/msg01022.html
His suggestion was for scope to be "local", "organisational" or
"global", with regards to how widely it is shared. Is this a
reasonable starting point?
The discussion that followed with Keith Moore was interesting and
dealt with some of the issues to do with how to establish that a
policy is genuine and with priority conflicts between multiple rules.
It's worth a second look.
Andrew
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg