
xacml-dev message



Subject: XACML Profile for Rights Delegation


Hi Erik,

  I have some confusion regarding the selection of policies by the PDP.

First of all, let me define my understanding of policies.
  Trusted Access Policies (policies that do not contain the <PolicyIssuer> and <Delegate> elements)
  Non-Trusted Access Policies (policies that do contain a <PolicyIssuer> element but do not contain a <Delegate> element)
  Trusted Administration Policies (policies that do not contain <PolicyIssuer> but do contain a <Delegate> element)
  Non-Trusted Administration Policies (policies that do contain the <PolicyIssuer> and <Delegate> elements)
   

Now, my question is how the PDP will choose a particular policy.
My findings according to the following rules are:

Rule 1: "Only owner can delete a resource".
Now this rule is expressed through a Trusted Access Policy.
There is also a rule:
Rule 2: "Owner can delegate their access rights to other members provided both are working in the same research group"
Now this rule is expressed through a Trusted Administration Policy.

  Suppose there is an access request by a member to delete a resource who is not the owner of the corresponding resource.

First of all, the PDP will look in the Trusted Access Policies, which clearly state that in order to delete a resource, the member should be the owner (cf. Rule 1). So it means a Deny response (what is your opinion?).
Now, the PDP will again look for a Non-trusted Access Policy, i.e. whether some member (resource owner) issued such a policy that some other member (who is not an owner) can delete a resource. Suppose there is a Non-Trusted Access Policy stating that a member can delete a resource even if he is not the resource owner. Now this has to be confirmed by some Administration Policy. The PDP will look into the Trusted Administration Policy repository first and find a policy (cf. Rule 2) that the owner can delegate access rights to delete a resource. Now there is no need to check the Non-trusted Administration Policy.

The point is that there can be two policies stating the same condition, but one is trusted and the other is non-trusted. My question (or opinion) is that the PDP will always check for a trusted (Access/Administration) Policy. After that, it will go for a Non (Access/Administration) Policy, i.e. if there is a trusted policy, there is no need to make a chain of policy checking.




Best Regards,
MA 


