OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xacml-dev message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [xacml-dev] XACML 2

Argyn,

I took your comments and used them to modify the examples in the
current RBAC draft:

   Core and Hierarchical Role Based Access Control (RBAC) profile
   of XACML, Version 2.0, Working Draft 03, 22 September 2004:
   http://www.oasis-open.org/committees/download.php/9382/RBAC-profile.zip).

The RBAC draft examples are intended to XACML 2.0 conformant, and
since there are no XACML 2.0 implementations available, you will
necessarily have to make modifications as described at the start
of the RBAC draft.  If, with those modifications, the new
examples still don't work for you, please let me know.

Anne

On 29 September, Kuketayev, Argyn writes: RE: [xacml-dev] XACML 2
 > From: "Kuketayev, Argyn" <argyn_kuketayev@fanniemae.com>
 > To: xacml-dev@lists.oasis-open.org
 > Subject: RE: [xacml-dev] XACML 2
 > Date: Wed, 29 Sep 2004 10:10:09 -0400
 > 
 > Maybe I mean samples, not tests. When I first tried to implement RBAC, I
 > took samples from the document, and they didn't work. It took some time
 > to make them loadable and work with SunXACML. I thought that having
 > those samples as policy XML docs would help implementors.
 > 
 > Argyn
 > 
 > > -----Original Message-----
 > > From: Anne Anderson [mailto:Anne.Anderson@Sun.COM] 
 > > Sent: Wednesday, September 29, 2004 10:00 AM
 > > To: Kuketayev, Argyn
 > > Cc: xacml-dev@lists.oasis-open.org
 > > Subject: RE: [xacml-dev] XACML 2
 > > 
 > > 
 > > There are no plans.  The RBAC profile has not yet been 
 > > approved as a CD.
 > > 
 > > It would be a test of how you implement your policy storage 
 > > and retrieval mechanism, since the RBAC profile requires no 
 > > changes or functional extensions to XACML.  It is strictly a 
 > > "profile" or paradigm for XACML usage.
 > > 
 > > Can you suggest a conformance test that would be useful?  The 
 > > only thing I can think of is to pass in a Request containing 
 > > a role attribute, having two Role PolicySets - one that 
 > > applies and one that doesn't - and two Permission PolicySets 
 > > - one for each role.  The test would be verifying that only 
 > > the applicable Permission PolicySet was applied.  That is all 
 > > standard XACML, so I don't think it is very useful.
 > > 
 > > Anne
 > > 
 > > On 29 September, Kuketayev, Argyn writes: RE: [xacml-dev] 
 > > XACML 2  > From: "Kuketayev, Argyn" 
 > > <argyn_kuketayev@fanniemae.com>  > To: Anne.Anderson@Sun.COM, 
 > > xacml-dev@lists.oasis-open.org  > Subject: RE: [xacml-dev] 
 > > XACML 2  > Date: Wed, 29 Sep 2004 09:38:03 -0400  > 
 > >  > Are there any plans to have conformance tests or samples 
 > > for RBAC  > profile?\  > Argyn  > 
 > >  > > -----Original Message-----
 > >  > > From: Anne Anderson [mailto:Anne.Anderson@Sun.COM] 
 > >  > > Sent: Wednesday, September 29, 2004 9:31 AM
 > >  > > To: xacml-dev@lists.oasis-open.org
 > >  > > Subject: RE: [xacml-dev] XACML 2
 > >  > > 
 > >  > > 
 > >  > > On 28 September, Diego M. Gonzalez writes: RE: [xacml-dev] 
 > >  > > XACML 2  > I have finished the code that loads the policies 
 > >  > > and makes  > difference for both versions. But I'll like to 
 > >  > > start with a  > TDD environment for which I have to create 
 > >  > > some conformance  > tests with the new schema and 
 > > namespaces.  >  
 > >  > >  > Have you started with the conformance tests? Do you want 
 > >  > > to  > use a common place to store them so any implementor can 
 > >  > > get  > the tests, and provide feedback about them?
 > >  > > 
 > >  > > Diego,
 > >  > > 
 > >  > > The XACML TC has not discussed conformance tests for XACML 
 > >  > > 2.0. I have asked the chairs to put the topic on our agenda.  
 > >  > > Sun volunteered to do CTs for XACML 1.0, and IBM for XACML 
 > >  > > 1.1, but I don't know if IBM is interested in doing them for 
 > >  > > XACML 2.0. There is no requirement that a spec have CTs, but 
 > >  > > it certainly is valuable.
 > >  > > 
 > >  > > Anne
 > >  > > -- 
 > >  > > Anne H. Anderson             Email: Anne.Anderson@Sun.COM
 > >  > > Sun Microsystems Laboratories
 > >  > > 1 Network Drive,UBUR02-311     Tel: 781/442-0928
 > >  > > Burlington, MA 01803-0902 USA  Fax: 781/442-1692
 > >  > > 
 > >  > > 
 > > 
 > > -- 
 > > Anne H. Anderson             Email: Anne.Anderson@Sun.COM
 > > Sun Microsystems Laboratories
 > > 1 Network Drive,UBUR02-311     Tel: 781/442-0928
 > > Burlington, MA 01803-0902 USA  Fax: 781/442-1692
 > > 
 > > 

-- 
Anne H. Anderson             Email: Anne.Anderson@Sun.COM
Sun Microsystems Laboratories
1 Network Drive,UBUR02-311     Tel: 781/442-0928
Burlington, MA 01803-0902 USA  Fax: 781/442-1692

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]