Subject: RE: [xacml] apr15 schema subcom issues
Hi all,

Thanks to Anne for pointing to these sources. BTW, I checked XACML document repository and found 6 references to Ponder project. Did anybody have a chance to get familiar with what specifically those people have done? What I got out of brief scanning the paper Anne referred to, they used OCL for specifying constraints in their policies as well as expressions in Ponder's "meta-policies." The Ponder project must have quite a bit of experience with using OCL in the access control problem domain.

This discussion of using a language for combiners made me think of something else (but not completely different). If it is really a goal for XACML TC to produce such a spec that any two XACML-compliant PDPs would always return the same result for any given authorization request and policy, then the spec needs to be very precise not only about the semantics of standard combiners. It needs to have precise definition of semantics for many other things in the schema. By "precise definition" I mean here a definition in some formal language and not in plain English.

If this TC defines precisely the semantics of only standard combiners, the TC would not achieve this goal. If so, then the TC could just acknowledge this fact by explicitly saying somewhere in the spec that the spec is not giving precise definition of the semantics for the schema elements, and move on without spending the members' time on "covering" combiners. This decision could be re-evaluated in later versions of the spec though when all bigger problems are solved.

Best regards
Konstantin

-----Original Message-----
From: Anne Anderson [mailto:Anne.Anderson@Sun.com]
Sent: Wednesday, April 17, 2002 12:41 PM
To: xacml@lists.oasis-open.org
Subject: Re: [xacml] apr15 schema subcom issues

On 17 April, ernesto damiani writes: [xacml] apr15 schema subcom issues
> One more comment about OCL: it has been used with mixed results as a query
> language for class declaration repositories, e.g. to select existing
> declaration and implementations that "match" a given template.
> As a language for describing algorithms from scratch well... it has its
> drawbacks.

OCL was used in the following two access control policy projects, but I had trouble understanding the resulting specifications.

  author = {F. Chen and R. S. Sandhu},
  title = {Constraints for Role-Based Access Control},
  booktitle = {Proceedings of the 1st {ACM}/{NIST} Role Based Access Control Workshop, Gaithersburg, Maryland, {USA}},
  OPTcrossref = {},
  OPTkey = {},
  OPTpages = {},
  year = {1995},
  OPTeditor = {},
  OPTvolume = {},
  OPTnumber = {},
  OPTseries = {},
  OPTaddress = {},
  OPTmonth = {},
  OPTorganization = {},
  publisher = {{ACM} Press},
  note = {cited in \cite{damianou:1}. Uses OCL \cite{uml:1}.},
  OPTannote = {}

@TechReport{damianou:1,
  author = {Nicodemos Damianou and Naranker Dulay and Emil Lupu and Morris Sloman},
  title = {The Ponder Policy Specification Language},
  institution = {Dept. of Computing, Imperial College, London},
  year = {2000},
  OPTkey = {},
  OPTtype = {},
  number = {V5},
  address = {\htmladdnormallink{http://www.doc.ic.ac.uk/$\sim$mss/Papers/Ponder-summary.pdf}{http://www.doc.ic.ac.uk/~mss/Papers/Ponder-summary.pdf}},
  month = {Aug},
  note = {Very similar to \cite{damianou:5}},
  annote = {paper copy in Phase 2 library}
}

Anne
--
Anne H. Anderson             Email: Anne.Anderson@Sun.COM
Sun Microsystems Laboratories
1 Network Drive,UBUR02-311     Tel: 781/442-0928
Burlington, MA 01803-0902 USA  Fax: 781/442-1692