[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: Re: [xacml] [model] New Issue: applicability
Anne wrote: > Add an "applicability test" syntax to <policy>. > In the example syntax below, I have stolen Simon's > <grant> element name because there are some similarities. > A <grant> element has the semantics that "if the <if> > predicate is FALSE, then the <grant> returns NOT- > APPLICABLE. Otherwise, the <grant> returns the > result of the <then> predicate... I think that this is a good way to handle it. One immediate application that I can see deals with the case of expressing a variety of combinations of contextual or environmental attributes for which there might be different, finer-grained (and possibly volatile) requirements. An example is the problem of capturing access control policies for a resource that might be view in a variety of contexts; the administrator would like to specify different fine-grained attribute requirements appropriate for these different contexts, but also wants to easily manage the group of requirements as a single "policy" applied to the resource. | John S. Erickson, Ph.D. | Hewlett-Packard Laboratories | PO Box 1158, Norwich, Vermont USA 05055 | 802-649-1683 (vox) 802-371-9796 (cell) 802-649-1695 (fax) | john_erickson@hpl.hp.com AIM/YIM/MSN: olyerickson
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC