clarification for V4.1 and V4.2

[elarlang]

In V4 we have sections:

• V4.1 General Access Control Design
• V4.2 Operation Level Access Control

Can we have clear ruleset, why those are separate and by what conditions one requirement belong to them. For example, why 4.1.3 is in V4.1 not in V4.2 although it's pretty much same requirement as 4.2.1.

[elarlang]

ping @tghosth

[EnigmaRosa]

From my understanding, V4.1 is more focused on design/architecture of the access control system and V4.2 on some of the implementation details. Is that correct?

[tghosth]

Not sure we have ever had any guidance there so I am open to suggestions. I think it would be good to have some brief text at the start of each section which explains what sort of requirements are going in there.

[EnigmaRosa]

Some guidance would be great - I think that means we have to do that throughout the entire standard.
Before we write guidance though, we should agree on the rule set for 4.1 and 4.2 though.

[elarlang]

Some guidance would be great - I think that means we have to do that throughout the entire standard.

Yes, and for that we have a separate issue opened so we don't need to discuss it here: #1797

we should agree on the rule set for 4.1 and 4.2 though.

If we it is not easy to find what is the difference between those section, it is natural to ask, do we need 2 separate chapters.

If we use architecture/principle for V4.1 and implementation for V4.2

• V4.1.1 - arhitecture/principle
• V4.1.2 - implementation
• V4.1.3 - implementation (although can be watched also as a principle)
• V4.1.5 - arhitecture/principle
• V4.2.1 - implementation (pretty much the same as V4.1.3)
• V4.2.3 - implementation (duplicate of V4.1.3 + V4.2.3)
• V4.2.4 - implementation

[tghosth]

@EnigmaRosa does the split which @elarlang proposed make sense to you?

[elarlang]

Linking it here: #2063 (comment) (potential clarifying for 4.1.3)