Subject: [xacml] [Fwd: RE: xacml <-> dsml]
forwarding this on from gil...

b

-------- Original Message --------
Subject: RE: xacml <-> dsml
Date: Fri, 14 Dec 2001 16:42:50 -0800
From: Gilbert Pilz <gilbert.pilz@e2open.com>
To: "'bill parducci '" <bill@parducci.net>

Sorry I missed the call. I've been flat on my back for a week with some horrible mutant-flu thing.

Since the last time we talked I had the chance to play with DSML a little. It seems to me that it is theoretically possible to transform an XACML policy document into a DSML document and import that document into LDAP. The DSML document could contain elements that described the (LDAP) schema necessary to store the authorization policy entries in case the target LDAP didn't already have this schema. It is also possible to export some LDAP entries into a DSML document and transform that DSML document into XACML. What I don't know (having nothing more than a cursory understanding of XSL/XSLT) is how difficult such transformations would be and if there are any "gotchas" that would keep this from really working.

What I think the XACML spec should do is:

1.) Describe the LDAP schema necessary to store authorization policies. This should be done in "LDAP fashion" with dn's, classnames, etc.

2.) (if possible) Provide the XSLT necessary to transform XACML to DSML and vice versa.

That way people who don't want to be bothered with DSML can work out their own way to store and retrieve XACML data to and from the defined schema.

- gil