OASIS Mailing List Archives

xacml-users message



Subject: Re: [xacml-users] Is the authorization policy and access control policy same in XACML


Hi, Anne:
   Many thanks.  I think you are right, but I only understand few
differences between them.
Do you think the result of access control is "permit", "deny" or others
(four cases in XACML), but the authorization result is the action term
depicted in a rule, e.g., read, write etc.?

I also searched for the two words in the glossary of one RFC
(http://www.isi.edu/in-notes/rfc2820.txt).
Their interpretations are as follows:
-----------------
 Access control policy - A set of rules, part of a security policy, by
   which human users, or their representatives, are authenticated and by
   which access by these users to applications and other services and
   security objects is granted or denied.

   Authorization policy - A set of rules, part of an access control
   policy, by which access by security subjects to security objects is
   granted or denied.  An authorization policy may be defined in terms
   of access control lists, capabilities, or attributes assigned to
   security subjects, security objects, or both.

--------------
I really want to know if these two terms have no obvious differences in
information security, but it seems not so.

regards

jarry


On 5/8/06, Anne Anderson <Anne.Anderson@sun.com> wrote:
>
> Jarry,
>
> "Access control" is the purpose or result of a policy.  "Authorization"
> is the permission needed to gain access, and, in a system such as XACML,
> this permission is described in a policy.  So the terms tend to be used
> somewhat interchangeably.
>
> Anne
>
> grassland wrote:
>
> > Hi, all,
> >  Recently, I am confused by some concepts in XACML.
> > Who can tell me their differences? The authorization policy and access
> > control policy.
> > However, I see someone often uses the two terms alternately.
> > Who can give me some examples coded with XACML to distinguish them?
> >
> >
> >
> > thanks.
> >
> >
> > jarry
> >
>
> --
> Anne H. Anderson               Anne.Anderson@sun.com
> Sun Microsystems Labs          1-781-442-0928
> Burlington, MA USA
>

