David, I divided the topic into separate threads so we can discuss each part separately in easy to read bite sized chunks. This way most of us, mainly me, could respond to comments within a reasonable amount of time. Divide and conquer!
These small chunks paraphrase concepts within NIST paper using simple yet clear words that many of us can relate to based on our experiences with authorization without being mathematicians. We can elevate the conversation to that level later however we will loose some people in the process. The idea is to engage as many people as possible with simple clear descriptions. Because we don't need to define things as a specification does to have users give us good ideas based on their experiences. We just need to use clear language. That was the point, not to reinvent the NIST terminology, but to state them in the IT vernacular. There will be time for pulling out the material in the NIST paper and discussing it's points verbatim but first we need to discuss and identify the problem in clear language without using complex vocabulary on ideas that are mixed together across an email taking 5 pages. I don't think you considered why I initially used this format. Perhaps you may consider breaking down your thoughts into smaller pieces? Maybe you can reply to my previous posts instead of derailing those threads? Alex
