Subject: Re: [xacml-users] Implementing UNIX file system acl using xacml
Thank you for your new reply! I had already considered this solution too, but I had discarded it because in this way, like the previous one, the authorization logic is not in the policy but in the function I write, for example in Java (in the previous solution it was in the PEP). I think that a good solution should have the authorization logic exactly where you expect it to be, in the policy. I think it is strange that a language such as XACML doesn't allow writing this type of policy with its expression language. Is it possible that the XACML expression language (I'm talking about version 2.0) has some limitations working on higher-order bags?
Thank you in advance again!

Regards,
Marco

On 11/14/2011 02:03 PM, Ludwig Seitz wrote:
> On Mon, 2011-11-14 at 13:24 +0100, Marco Biagi wrote:
>> Thank you for your reply! I had already considered this solution, but I had discarded it because in this way the application logic is on the PEP, and I prefer to have it on the PDP. Are there any other possible solutions to solve this problem without moving the application logic into the PEP?
>
> Well, there is always the quick-and-dirty solution to use the 'x' of XACML: write your own extension function (which then of course is not standard conformant) that performs this kind of check. If you can make the function general/useful enough, the TC might even consider including it in XACML v4.0.
>
> Regards,
> Ludwig
--
Dott. Marco Biagi
Netfarm s.r.l.
Phone: +39 050 0981576
Fax: +39 050 777659
Web: http://www.netfarm.it/
Email: marco.biagi@netfarm.it