[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: RE: The Subject/Object Paradigm
> A more recent view of the same problem takes the access > control decision as > a starting point and asks "Under what conditions should this > request be > allowed?" In this resource-centric view, many different inputs may be > combined to make the decision, not just user identity. Is the subject/object issue the point of difference here or the nature of the question? The current draft is written to allow the question 'can subject X access object Y?'. The question you appear to want to ask is 'what is the set of subjects that can access object Y?' or 'what attributes must subject X have to access object Y?' which amounts to the same thing. I think these are good questions to ask and believe that XACML should support them. However they appear to be out of SAML scope (for now). Phill Phillip Hallam-Baker FBCS C.Eng. Principal Scientist VeriSign Inc. pbaker@verisign.com 781 245 6996 x227
Phillip Hallam-Baker (E-mail).vcf
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC