[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [xacml-comment] Public Comment
I think the idea of more defaults is a good one and I am forwarding this to the TC list. However, based on past discussions, I believe the TC would be more likely to select "deny-overrides" as the default. Hal > -----Original Message----- > From: comment-form@oasis-open.org [mailto:comment-form@oasis-open.org] > Sent: Tuesday, December 20, 2005 11:48 AM > To: xacml-comment@lists.oasis-open.org > Subject: [xacml-comment] Public Comment > > Comment from: ludwig@sics.se > > Name: Ludwig Seitz > Title: PhD Researcher > Organization: Security, Policy and Trust Laboratory, SICS, Sweden > Regarding Specification: XACML > > Hello all, > I wanted to suggest some points for the XACML standard with the goal of > simplifying XACML Policies (by reducing their verboseness). > > 1. Define a default policy/rule combining algorithm, e.g. "permit- > overrides", if the attribute PolicyCombiningAlgId/RuleCombiningAlgId is > missing from a PolicySet/Policy tag. > > 2. Define "string-equal" as default MatchId attribute in SubjectMatch, > ResourceMatch and ActionMatch tags. > > 3. Define "http://www.w3.org/2001/XMLSchema#string" as default DataType > attribute in AttributeValue tags. > > 4. Define "urn:oasis:names:tc:xacml:1.0:subject:subject-id"/ > "urn:oasis:names:tc:xacml:1.0:resource:resource-id"/ > "urn:oasis:names:tc:xacml:1.0:action:action-id" > as default values for the AttributeId attribute of > SubjectAttributeDesignator/ > ResourceAttributeDesignator/ > ActionAttributeDesignator > > Regards, > > Ludwig Seitz > > --------------------------------------------------------------------- > To unsubscribe, e-mail: xacml-comment-unsubscribe@lists.oasis-open.org > For additional commands, e-mail: xacml-comment-help@lists.oasis-open.org
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]