[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [xacml-users] XACML Resource Element
I am fairly new to the list so excuse me if this topic has already been raised. I am very interested in knowing if anyone has considered normative profile mapping for Java2 permissions or the J2EE/JACC security models as well? IMHO, Java2 permissions don't fit the XACML model cleanly since it usually involves permissions restricting a codeBase and not a Subject / user. Thoughts? Jeff ----- Original Message ----- From: "Daniel Engovatov" <dengovatov@bea.com> To: <marchadr@wellsfargo.com>; <Seth.Proctor@sun.com> Cc: <xacml-users@lists.oasis-open.org> Sent: Wednesday, September 21, 2005 1:17 PM Subject: RE: [xacml-users] XACML Resource Element It absolutely makes sense. That is the reason XACML resource concept was designed to be so flexible. All is needed is a normative profile for mapping some other specification resource into XACML space. Since WS-Resource developers are intimately familiar with the structure that they need to present for authorization decisions, perhaps they may suggest such a mapping? It, preferably, should be a strictly defined collection of named attributes of the XACML types, or, optionally, an XML document that can included in request. Note that XML document support is optional in XACML and puts the burden of extracting the relevant values on the policy writer. It would be nice to do that for them. Daniel; -----Original Message----- From: marchadr@wellsfargo.com [mailto:marchadr@wellsfargo.com] Sent: Wednesday, September 21, 2005 9:12 AM To: Seth.Proctor@sun.com; Daniel Engovatov Cc: marchadr@wellsfargo.com; xacml-users@lists.oasis-open.org Subject: RE: [xacml-users] XACML Resource Element Here is what seems to be happening: Some specifications are using a resource to define parts of their specifications. It would be nice to have the mapping of a XACML resource to a WS-Resource since a authorization filter could be thrown on top of the specifications using the WS-Resource with relative ease. For instance I am a service provider providing WS-Notifications or something else. I want to add policy enforcement based on my resource definitions. I look at products that support XACML and throw that in front of my service provider to check the WS-Resource to retrieve groups and policies for the specific resource based on the service client definitions. Does this make sense? - Dan -----Original Message----- From: Seth Proctor [mailto:Seth.Proctor@sun.com] Sent: Tuesday, September 20, 2005 5:44 PM To: Daniel Engovatov Cc: marchadr@wellsfargo.com; xacml-users@lists.oasis-open.org Subject: Re: [xacml-users] XACML Resource Element On Sep 20, 2005, at 8:40 PM, Daniel Engovatov wrote: > WS-Resource can be expressed as an XACML resource. XACML resource > is a > more generic concept. What we may want is to develop a profile for > normative mapping. Umm, yeah. What Daniel said :) seth --------------------------------------------------------------------- This publicly archived list supports open discussion on using the XACML OASIS Standard. To minimize spam in the archives, you must subscribe before posting. [Un]Subscribe/change address: http://www.oasis-open.org/mlmanage/ Alternately, using email: list-[un]subscribe@lists.oasis-open.org List archives: http://lists.oasis-open.org/archives/xacml-users/ Committee homepage: http://www.oasis-open.org/committees/xacml/ List Guidelines: http://www.oasis-open.org/maillists/guidelines.php Join OASIS: http://www.oasis-open.org/join/
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]