ietf-asrg
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: [Asrg] 4d. Consent Framework - Protocols and Formats - XML Based

2003-08-21 21:51:19
from [Yakov Shafranovich] [Permanent Link] 
At 03:38 PM 8/20/2003, Andrew Akehurst wrote:

Quoting Yakov Shafranovich <research(_at_)solidmatrix(_dot_)com>:

> At 04:31 PM 8/15/2003, Pete (Madscientist) wrote:

>> I have started a web site for the development of an XML based CPDL
>> (Consent Policy Description Language).
>> ... 8< ...
>>
>> http://www.sortmonster.com/ASRG/

> Any particular reason why the implementation specific details are
> included within the same XML files? Consent policies will need to
> be implementation-independent and it might be a good idea to split
> them up into two XML files. This is similar to the way the J2EE
> platform handles deployment - two XML files are provided, one
> vendor and implementation neutral, and the second implementation-
> specific.
.........

What I would suggest is that certain tests and policy actions should
be regarded as being fundamental primitives which all CPDL conformant
consent-based systems must support. These would probably include
basic tests like "header X matches expression Y" and essential policy
actions such as "allow delivery" and "silently discard
message".

Then such primitive tests and actions would not need to be defined
in terms of additional scripting languages: any conforming MUA or
MTA could implement them in whatever specific way suits its own
low-level implementation details. (And indeed MUST implement them in
order to comply with the standard.)

Then you can concentrate on defining additional tests and actions
via some external mechanism, either in terms of the primitives or
by using some additional libraries.
...........
One thing that could be done here is to create an IANA registry for maintaning the basic primitives in order not to publish another RFC. 


YS> Also, do we need to include the identification of the person or
YS> system that the policy applies to?

Why might this be useful? In principle I don't object unless
people are forced to include such details (because then there are
privacy issues involved).

If anyone wants to include such details then maybe they should be
able to. However I can't think why anyone would want to. Do you
have an example?
o A user who needs to merge his policy with the ISP's. It would be useful to include the identification of the ISP in the policy. 
o Two parties exchanging consent tokens and policies. ID is needed.
Yakov 

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: [Asrg] 4d. Consent Framework - Protocols and Formats, Yakov Shafranovich
Next by Date:  Re: [Asrg] 2.a.1 Analysis of Actual Spam Data - next steps, Scott Nelson
Previous by Thread:  RE: [Asrg] 4d. Consent Framework - Protocols and Formats - XML Based, Pete (Madscientist)
Next by Thread:  RE: [Asrg] 4. Consent Framework - General, Christopher Bird
Indexes:  [Date] [Thread] [Top] [All Lists]