[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [xacml-users] Policy question
Hi Ludwig, This is an interesting approach, thank you for bringing it to my attention. On first glance it looks like it could work for my use case. If it does, I may try to implement the function. Thanks, Ray > -----Original Message----- > From: Ludwig Seitz [mailto:ludwig@sics.se] > Sent: Tuesday, May 13, 2014 8:50 AM > To: Sinnema, Remon; xacml-users@lists.oasis-open.org > Subject: Re: [xacml-users] Policy question > > On 05/12/2014 05:25 PM, Sinnema, Remon wrote: > > All, > > > > Suppose I have a system with documents, and access to those documents is > > governed by a number of policies. Now comments are introduced to the > > system, and the access control requirements for comments are as follows: > > > > 1.Anybody who can see a document is allowed to see all comments on it. > > This is tricky. You can perhaps do it with the access-permitted function > (section A.3.16 of the standard), but implementation of this function is > optional and I don't expect many XACML engines to actually implement > this (it's just too tricky to get this right without open up the PDP to > denial of service) > > > Regards, > > Ludwig > > > -- > Ludwig Seitz, PhD > SICS Swedish ICT AB > Ideon Science Park > Building Beta 2 > Scheelevägen 17 > SE-223 70 Lund > > Phone +46(0)70-349 92 51 > http://www.sics.se
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]