Re: [xacml-users] Fwd: XACML Privacy Profile

[James Mackie <j.mackie@isi.qut.edu.au>]

I'll provide a bit more background regarding my previous post.

I are trying to use the Privacy Policy Profile of XACML 2.0.

I understand that the attribute resource:purpose specifies usage  
purposes that have been constented to by the data subject.
As such they should be specified in a policy. The tag action:purpose  
describes what a requester wants to do, and therefore should be  
specified within the XACML request context.
The condition included in section 3.1 of the Privacy Policy Profile  
should match the request:purpose with the action:purpose and permit  
only if they match. As such the resource:purpose should not be  
specified in the request context since it is not something the  
requester should be able to define. Is this understanding correct?  
Where and how should the resource:purpose tag be used?

Thanks for your time.


James Mackie

Quoting James Mackie <j.mackie@isi.qut.edu.au>:

> Hi All,
>
> I am a developer working for a research institute and I am
> experimenting with using XACML and MySQL databases.
>
> I am trying to impliment the Privacy Profile, and I am using the JBoss
> XACML library, which in turn uses the Sun XACML library for its
> decision engine.
>
> The question I have is very simple. I have tried to follow as closely
> to the standard as possible but still cannot seem to get it to work. I
> have attached the policy I have created as well as the associated
> Request and Response. Could you please take a quick look and tell me
> if I am doing something wrong?
>
> Thank you very, very much for your time.
>
> Regards,
> James Mackie