Subject: FW: proposed XACML Domain Model + Scope
All members should make sure to review Gilbert's document prior to the call on Thursday. Here are my comments:

First and foremost, thanks for producing this, Gilbert!

In answer to the question "Should the Policy Decision Point be in scope for XACML?": Yes. Although I had not initially envisioned the PDP as part of our scope, I think we need to make it in scope as a matter of practicality. Forming yet another TC seems like a bad idea, and until the PDP is in scope for someone, the policy language won't be used. This is similar to the access protocol question that came up earlier.

The definition of Authorization Decision Assertions:

"Assertions that correspond to the result of an authorization decision. Such assertions must contain the binary result of the decision (permitted/not permitted) and may contain additional "advisory" information that serves to act as an explanation for the decision"

appears inadequate. Based on examples from SAML and at least what I envision being produced by a PDP, the authorization decision will include the operation that is permitted, e.g. read, write, provision, execute, provision, use, etc.

We need a definition for Authorization Attributes before we can address the concern:

"I am disturbed about the fact that Authorization Attributes appear in Figure 1 but don't appear in Figure 2. Are there attributes whose schema are likely to be closely coupled with the Authorization Policies defined within the security domain? Does the definition of these attributes then fall within the scope of XACML?"

-----Original Message-----
From: Pilz, Gilbert [mailto:gpilz@jamcracker.com]
Sent: Thursday, June 07, 2001 6:08 PM
To: 'xacml@lists.oasis-open.org'
Cc: security-services@lists.oasis-open.org
Subject: proposed XACML Domain Model

Attached is my strawman proposal for the XACML Domain Model. Basically it is just a reference to the SAML Domain Model with some changes and additions.

<<draft-xtc-use-domain-01.doc>>

--
<<Gilbert Pilz.vcf>>