[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [xacml-users] Implementing UNIX file system acl using xacml
On mån, 2011-11-14 at 14:29 +0100, Marco Biagi wrote: > Thank you for your new reply! > I had already take in charge this solution too, but I had discarded it > because in this way, like the previous one, the authorization logic is > not in the policy but in the function I write for example in java(in the > previous solution was in the PEP). > I think that a good solution should have authorization logic exactly > where you expect it to be, in the policy. > I think is strange that a language such as XACML, dosen't allow to write > this type of policy with its expression language. > It is possible that XACML expression language (I'm talking about the 2.0 > version) has some limitation working on higher order bag? > Thank you in advance again! > Regards, Without looking more closely I'm inclined to believe you are right: It is a limitation of the XACML language. If you design a generic XACML extension to solve this problem, I would encourage you to submit it to the TC, it may become part of the next version of XACML. /Ludwig -- Ludwig Seitz, PhD Swedish Institute of Computer Science Ideon Science Park Building Beta 2 3v Scheelevägen 17 SE-223 70 Lund Phone +46(0)70-349 92 51 http://www.sics.se
Attachment:
signature.asc
Description: This is a digitally signed message part
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]