xacml message



Subject: rfc3060 et al


In "FTF#1 7/18/01 Minutes" this is stated..

> Policy Core Information Model defines a concrete implementation of 
> knowledge in terms of an LDAP Schema. Can store Policy Expression 
> in directory using that schema and use LDAP queries to get that out.

..and although it is likely fairly close to what I said, it is incorrect and
potentially misleading. The Policy Core Information Model DOES NOT define a 
"concrete implementation of..".


Here's the correct scoop..

RFC3060 defines an object-oriented (abstract) information model for
representing policy information. 

  Policy Core Information Model -- Version 1 Specification
  http://www.ietf.org/rfc/rfc3060.txt


The below Internet-Draft, which is trying to become an RFC, "..defines the
mapping of [RFC3060] information model classes to a directory that uses LDAPv3
as its access protocol." I.e. it defines a concrete LDAP-schema-based
representation of RFC3060's policy model. 

  Policy Core LDAP Schema
  http://www.ietf.org/internet-drafts/draft-ietf-policy-core-schema-11.txt


The attached .ppt file, Strassner-PCIM-3060-DirectoryMapping.ppt, describes the
details of the mapping from RFC3060 into the said LDAP-schema-based
representation described in draft-ietf-policy-core-schema-11.txt.

Of likely particular interest are Slides 4 and 10, which have a graphical
*physical* model illustration -- i.e. it illustrates the LDAP-schema-based
representation ("Policy Core LDAP Schema"), *not* the abstract policy core
information model (PCIM) as specified in 3060. It's important to understand
this about those two slides. 


The set of slides is also interesting from the perspective of their detailed
description of the various subtle considerations (e.g. administration of the
LDAP-based policy repository) those folks thought about in engineering the
mapping from the abstract PCIM to the concrete "Policy Core LDAP Schema".
Slides 19, 20, 23, 24, 25, 26, 29, 42, 43 harbor some specific examples wrt
administration. 


JeffH

Strassner-PCIM-3060-DirectoryMapping.ppt


