[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [xacml-dev] Groups handling
Hello, Another issue is how to express "permission to give permissions" I would like to authorization to be something like: "permit subject x (to give permissions subject w to resource y with attributes constraints z) with attribute constraints v" For example: Permit user x to give permissions for user w between 2pm-8pm to write-access on file y with write-action with attribute security-level=sensitive Here I have: a subject - user x, an action - "give permissions" an attribute (or maybe another subject) - user w an attribute - between 2pm-8pm an attribute (or maybe another action) - write-access a resource - file y an attribute - security level Is there any standard to express permission to give permissions? Thanks, Yair -----Original Message----- From: Kuketayev, Argyn (Contractor) [mailto:argyn_kuketayev@fanniemae.com] Sent: Tuesday, September 20, 2005 3:53 PM To: xacml-dev@lists.oasis-open.org Subject: RE: [xacml-dev] Groups handling You can groups your subjects by a certain attribute. E.g. you can an attribute "group-id", and assign it all groups of this subject. It'll be similar to LDAP, imho. RBAC is when you need a standard way to handle roles with inheritance and so on. It follows NIST standard on RBAC. argyn The electronic mail message you have received and any files transmitted with it are confidential and solely for the intended addressee(s)'s attention. Do not divulge, copy, forward, or use the contents, attachments, or information without permission of Fannie Mae. Information contained in this message is provided solely for the purpose stated in the message or its attachment(s) and must not be disclosed to any third party or used for any other purpose without consent of Fannie Mae. If you have received this message and/or any files transmitted with it in error, please delete them from your system, destroy any hard copies of them, and contact the sender. > -----Original Message----- > From: Yair Sade [mailto:yairs@cyber-ark.com] > Sent: Tuesday, September 20, 2005 9:20 AM > To: xacml-dev@lists.oasis-open.org > Subject: [xacml-dev] Groups handling > > Hello, > > > > Is there any standard way to implement groups in XACML access > control (as standard access control systems as LDAP > directories, windows, etc.)? > > The only close thing I've found is the RBAC profile which is > not exactly the same. > > > > Thanks, > > Yair > > --------------------------------------------------------------------- This publicly archived list supports open discussion on implementing the XACML OASIS Standard. To minimize spam in the archives, you must subscribe before posting. [Un]Subscribe/change address: http://www.oasis-open.org/mlmanage/ Alternately, using email: list-[un]subscribe@lists.oasis-open.org List archives: http://lists.oasis-open.org/archives/xacml-dev/ Committee homepage: http://www.oasis-open.org/committees/xacml/ List Guidelines: http://www.oasis-open.org/maillists/guidelines.php Join OASIS: http://www.oasis-open.org/join/
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]