[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: Re: XACML Charter Scope
I agree with Ernest, that XPath/XSLT is one of proper standards for retrieving some parts of XACML policy specification from repository, while in our access control language for XML (XACL), we did not use XPath for extracting parts of policy specification. We used a table representation that binds target resource name to a relevant XML policy file. As Hal wrote that "it seems it would be useful to describe how they would be contained in or bound to the document to which they refer." I think it would be useful to create use cases of how XACML policy is contained in the target document (it seems to be an annotation to the target document, say "embedded policy"). Another case is just mentioned above, that is "detached policy". regards, Michiharu Kudo Internet Technology TEL +81-46-215-4642 Tokyo Research Laboratory FAX +81-46-273-7428 IBM Japan Ltd. Internet: kudo@jp.ibm.com From: ernesto damiani <edamiani@crema.unimi.it> on 2001/05/24 19:09 Please respond to ernesto damiani <edamiani@crema.unimi.it> To: "Simon Y. Blackwell" <sblackwell@psoom.com>, xacml@lists.oasis-open.org cc: Subject: Re: XACML Charter Scope I agree, especially when you say that we do not need to reinvent the wheel.. Having worked a lot on XML query languages in the last couple of years (I even was at the first W3C workshop on this subject ;-), interested people may take a look at http://xerox.elet.polimi.it) my personal opinion is that XQuery gives you a lot of expressive power.. and, at least for now, lots of trouble we do not need. There is a standard, robust, well-understood mechanism to refer to portions of XML data, and it is XPath (BTW, as you know most of the academic proposals towards access control languages for XML, including our own, exploit this mechanism for identifying objects). XSLT is based on XPath, and it seems very reasonable XSLT/XPath to be used to extract and process parts of an XACML policies' repository. Needless to say I do NOT think we should get involved with any lower level issue such as serialization etc.: our XACML info may travel inside a HTTP packet, be stored on disk as a XML text file or serialized using any other mechanism. Comments welcome... ernesto
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC