[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [xacml-users] Policy combinations; how to preserve intendedmeaning...?
Hi Blair. > I've had some feedback from the fedora-users list too and it turns out > that the XACML support in Fedora is not as complete as it seems. > Apparently target matching and IdReference are not supported, I'll > have to look into this further as I find it hard to believe that > target matching wouldn't be supported given it's such a key feature - > doesn't the sun PDP do this for free anyhow?! Yes, SunXACML certainly does Target matching. It's possible that they just don't expose the infrastructure to let you do any custom matching, or that they structure their policies in such a way that they don't need this feature. I haven't looked at fedora in a long time, so I'm not sure what's going on in there. > I imagine adding > support for references to the PolicyFinder module would not be too > difficult. Trouble is that this is supposed to be a > prototype/feasibility study, I'll find out today whether the higher > ups think it's worth the time. Adding support is easy, but then you have to address two key issues: how you do caching and refresh, and where you store your policies. These can be handled simply if you don't need really efficient evaluation, but can become complex management issues. For a proof of concept, I'm happy to help you add simple support for references if fedora will support it. seth
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]