[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [xacml-users] Newbie:Usage of XACML
Stefan Brandl wrote: > > we'are realizing some kind of a management system which can > provide rights(not only access decision) to external systems. > > I dont't know if XACML can be used for the following Use-Case: > > An external systems want's to get all rights of a certain > person associated with a certain ressource of a certain > provider. > I agree with other's comments and want only add that your task is rather Attribute Authority (AA) functionality. Look for implementation in Shibboleth or some more generic LDAP based user directories. Shibboleth has also privacy enforcement attribute release policy where you can control what attributes about an authenticated user you can release. In LDAP you can request all specified attributes. Yuri > > I've seen that XACML replies only "PERMIT, "DENY" ... > Is there a way to express rights within the Response like > "is able to edit admin information" or "can delete user > information". > > Thanks in advance, > > > Stefan > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: xacml-users-unsubscribe@lists.oasis-open.org > For additional commands, e-mail: xacml-users-help@lists.oasis-open.org > >
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]