Subject: Re: [xacml-dev] Username in the <Delegate> element
Muhammad Masoom Alam wrote:
> Hi,
>
> In fact, I meant for putting a complex object e.g. representing the
> <Issuer> in the policy. Accordingly there will be a complex object in
> the <Delegate> Element.

The <PolicyIssuer> element is of the same type as the <Delegate> element, so this is supported.

> Another thing is that what about using RBAC profile for rights
> delegation too. I had a look at the discussion regarding its
> pros/cons, but what is your personal opinion about it?
> In my opinion, without it, things are clearer, e.g.
>
> "A role R wants to delegate his rights on some service S to role R"
>
> Here, service S is only permitted to some members of Role R according
> to their characteristics.
>
> Now, if one of the members who have the privilege wants to delegate the
> right to use service S to one of the members of role R then ?

I am not sure I understand you, but it should be possible. You just indicate the role that has the right to delegate in a target <Delegate> element and when someone delegates, you put his role attributes in the context <Delegate> element.

Regards,
Erik