-
Type:
Bug
-
Status: New
-
Priority:
Major
-
Resolution: Unresolved
-
Affects Version/s: 1.0
-
Fix Version/s: None
-
Component/s: XDI Policy
-
Labels:
Policy Expression Requirements - Policy Expression Pattern
We really need to make an effort to better explain this section. I suggest that before laying out the exact pattern, we describe the approach in layman's terms. How about something like this:
[Place at the top of Policy Expression Pattern]
A policy is the combination of individual policy statements. An XDI policy statement can take two forms:
- A condition that must be met or,
- An authorized operation that may only be performed over a particular XDI statement (or subgraph?).
A condition is described using a <context> / <value> / <condition> patten where:
- <context> describes the relationship of this statement to other statements
in the policy (i.e. how to compose those statements) - <value> is the boolean value the condition must match
- <condition> describes the condition to be evaluated by the policy
An authorized operation is described using a <context> / <operator> / <XDI subgraph> pattern where:
- <context> describes the relationship of this statement to other statements
in the policy (i.e. how to compose those statements) - <operator> describes the graph operation that is requested
- <XDI subgraph> describes the targeted XDI statement (or subgraph)
In details, /.../ <== At this point, we can add the formal pattern description that’s already in the spec. However, I would recommend keeping the separation between the 2 types (condition & authorized operation) and align the terminology with the above.