[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: [xacml] [Model] Re: Composition Use Case
On 17 December, Polar Humenn writes: Re: [xacml] [Model] Re: Composition Use Case > > I don't think the language syntax itself can handle the matching > > rules for real-world sets of attributes. I think the language > > must have a way of pointing to executables for handling the > > matching. > > And what assurance do you have that the executable does the right thing? The pointer to the executable should be supplied by the policy issuer, as a reflection of the issuer's intent. The policy itself, which contains the pointer, must be signed. The executable can be signed (either by the policy issuer or by a delegate), or the signed policy that contains the pointer could contain a hash of the executable. There are certainly other ways. Anne -- Anne H. Anderson Email: Anne.Anderson@Sun.COM Sun Microsystems Laboratories 1 Network Drive,UBUR02-311 Tel: 781/442-0928 Burlington, MA 01803-0902 USA Fax: 781/442-1692
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC