OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xacml-users message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [xacml-users] hierarchical resources


Argyn wrote:
> your problem would be to find PDP which actually supports hierarchical 
> resources

SunXACML supports the 1.x notion of Hierarchical Resources.

Dhirendra - While I haven't done a lot of work with hierarchies, what 
you've described seems like a pretty reasonable approach. You could also 
think about defining the company memberships as nested groups and 
writing your policies to say "if the user is in this group" with an AFM 
or custom function that expands correctly. For that matter, you could 
just use some regexp or XPath notation, but I think that gets less 
flexible pretty quickly.


seth

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]