Subject: Re: [xacml] Agenda for November 15 Telecon...


i am having trouble coming to grips with this concept in a practical sense.

here is an example of something that i work with on a regular basis: 
content filtering.

let's suppose that i want to use a  PEP to filter e-mail/news/media 
feeds, etc. based upon content. here are some examples:

ALLOW (the easy stuff)
----------------------
^From.*root\@.*(mydomain\.net|(mydomain|yourdomain|hisdomain|herdomain)\.com)
^From.*xacml\@lists.oasis-open\.org

DENY
----
^Subject:.*LOVEYOU
^Subject:.*invest.in.credit.card
^Subject:.*[sS]av((e)|(ings))?.up.to

DENY ('score' based, may require multiple hits to deny)
----------------------------------------------------
Content: [(no)?(without)?].obligation
Content: over.(18|eighteen)
Content: bargain
Content: (^debt|[ ]debt)
Content: save.big
Content: no.*fee

this is a small sample of the hundreds (if not thousands) of conditions 
that can be used (i personally have hundreds). conversely, the number of 
possible character combinations comprising a request is literally 
infinite. describing the ALLOWs is easy, but how does one generate a 
policy that says:

deny message if the content contains: (^debt|[ ]debt) ?

thanks

b


Pierangela Samarati wrote:

 > Hi
 >
 > as mentioned in the concall today at the last policy committee
 > call we discussed the issue of positive (meaning permissions; e.g.,
 > "this principal can access this resource") and negative authorizations
 > (meaning denials: "this principal cannot access this resource").
 > While it is true that you cannot do with permissions alone (many cases
 > call for more flexibility), it is also true that having denials
 > complicates the framework (mostly also since when you start having denials
 > you start thinking of the different semantics that they can carry - and
 > that who specified the rule may have intended).
 >
 > i had proposed an alternative solution inspired by a recent work, which
 > goes as follows. Distinguish two kinds of rules:
 >
 > 1) the ones that specify sufficient conditions (which are the permissions
 > above)
 >
 > 2) the ones that specify necessary conditions.
 >
 > instead of repeating descriptions and examples here, i am attaching you a
 > file of that work where the two forms of rules are introduced (Section
 > 4.2). Of course our language is different as more expressive; but that
 > gives the idea.
 >
 > only one thing, what i call "subject"
 > there is our "principal", what i call "object" is our "resource"
 >
 > pls just send me email (or post the group) for any clarification that may
 > be needed, and any comments.
 >
 > best
 > -p
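The rule sets from the message above, run through a small policy-evaluation function. This is an added example, not code from the post or from any XACML implementation: ALLOW rules act as sufficient conditions (one hit permits), DENY rules deny on one hit, and the "score" rules deny only once enough of them match. The evaluation order, the threshold of 2, the XACML-style decision names and the sample messages are assumptions.

```python
import re

# Rule sets transcribed from the message above. Evaluation order (ALLOW, then
# DENY, then scored content) and SCORE_THRESHOLD are assumptions for this example.
ALLOW_HEADER = [
    r"^From.*root\@.*(mydomain\.net|(mydomain|yourdomain|hisdomain|herdomain)\.com)",
    r"^From.*xacml\@lists.oasis-open\.org",
]
DENY_HEADER = [
    r"^Subject:.*LOVEYOU",
    r"^Subject:.*invest.in.credit.card",
    r"^Subject:.*[sS]av((e)|(ings))?.up.to",
]
DENY_CONTENT_SCORED = [  # each hit on the body scores one point
    r"[(no)?(without)?].obligation",
    r"over.(18|eighteen)",
    r"bargain",
    r"(^debt|[ ]debt)",
    r"save.big",
    r"no.*fee",
]
SCORE_THRESHOLD = 2  # assumed: this many scored hits deny the message

# MULTILINE so the '^' anchors in the rules match at the start of each line
_ALLOW, _DENY, _SCORED = ([re.compile(p, re.MULTILINE) for p in pats]
                          for pats in (ALLOW_HEADER, DENY_HEADER, DENY_CONTENT_SCORED))

def evaluate(message):
    """Decide on a raw message (headers, blank line, body); returns (decision, reason)."""
    headers, _, body = message.partition("\n\n")
    for rx in _ALLOW:  # sufficient condition: a single hit permits
        if rx.search(headers):
            return "Permit", "allow:" + rx.pattern
    for rx in _DENY:  # a single hit denies outright
        if rx.search(headers):
            return "Deny", "deny:" + rx.pattern
    score = sum(1 for rx in _SCORED if rx.search(body))  # scored rules need several hits
    return ("Deny" if score >= SCORE_THRESHOLD else "NotApplicable"), "score:%d" % score

# Constructed sample messages (not from the post)
SAMPLES = {
    "from_root": "From: root@mail.mydomain.net\nSubject: save up to 50%\n\nbargain debt",
    "loveyou": "From: someone@example.com\nSubject: ILOVEYOU\n\nhello",
    "spammy": "From: someone@example.com\nSubject: hi\n\nNo obligation! save big on your debt today.",
    "clean": "From: alice@example.com\nSubject: lunch\n\nSee you at noon.",
}

if __name__ == "__main__":
    for name, msg in SAMPLES.items():
        print(name, evaluate(msg))
```

Note that "from_root" carries a Subject line the DENY set would catch; it is permitted only because ALLOW is evaluated first, which is exactly the ordering question the message raises.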


