xacml-comment message
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [Elist Home]
Subject: [xacml-comment] Resource types
- From: Paul Andrews <paandrew@cisco.com>
- To: xacml-comment@lists.oasis-open.org
- Date: Fri, 22 Nov 2002 10:28:59 -0500
I note that the set
of types allowed in a 'resource' element is restricted, as is the match
criteria. Given the nature of my employers business I would like to be able to
use types and match criteria that have not been defined. My reading of the spec.
shows that the accepted answer to that is to move the resource specification to
a 'condition' element instead, but that simply begs the question of why a
'resource' element exists in the first place if a 'condition' element can
achieve the exact same thing (or conversely, if a condition element can be
extended, then why not a 'resource' element).
I understand the
desire to facilitate indexing, however moving a resource match to a condition
makes it difficult, i fnot impossible, to deduce the role played
by the arguments to the condition. This in turn makes it
hard to automatically translate the XACML representation of a policy
into a different representation (as might be necessary if the actual access
control were being performed by a legacy system).
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [Elist Home]
Powered by eList eXpress LLC