Subject: [xacml] Proposed resolution to PM-2-06: Policy Security
Potential Resolution: XACML will be specified in two separate layers.

1. The first layer is the <applicablePolicy> syntax, and will contain no security provisions such as authentication (signature), integrity protection, or encryption.

2. The second layer is a specification of how the first layer can be embedded in another mechanism for security protection. The XACML TC will define such a mechanism using an encapsulating SAML assertion. OASIS members are free to propose other mechanisms, such as encapsulating an <applicablePolicy> inside an X.509 Attribute Certificate.

Implementations may be compliant with the first layer only, with both the first layer and with the XACML TC-defined second layer, or with the first layer and another specified mechanism for the second layer. Implementations must state which level of compliance they support.

--
Anne H. Anderson               Email: Anne.Anderson@Sun.COM
Sun Microsystems Laboratories
1 Network Drive,UBUR02-311     Tel: 781/442-0928
Burlington, MA 01803-0902 USA  Fax: 781/442-1692