

Subject: RE: [xacml] apr15 schema subcom issues


Hi all,

Thanks to Anne for pointing to these sources. BTW, I checked the XACML
document repository and found 6 references to the Ponder project. Did
anybody have a chance to get familiar with what specifically those
people have done? From what I got out of briefly scanning the paper Anne
referred to, they used OCL for specifying constraints in their policies
as well as expressions in Ponder's "meta-policies." The Ponder project
must have quite a bit of experience with using OCL in the access control
problem domain.

This discussion of using a language for combiners made me think of
something else (but not completely different). If it is really a goal
for the XACML TC to produce such a spec that any two XACML-compliant PDPs
would always return the same result for any given authorization request
and policy, then the spec needs to be very precise not only about the
semantics of standard combiners. It needs to have a precise definition of
semantics for many other things in the schema. By "precise definition" I
mean here a definition in some formal language and not in plain English.
If this TC defines precisely the semantics of only standard combiners,
the TC would not achieve this goal. If so, then the TC could just
acknowledge this fact by explicitly saying somewhere in the spec that
the spec is not giving a precise definition of the semantics for the
schema elements, and move on without spending the members' time on
"covering" combiners. This decision could be re-evaluated in later
versions of the spec, though, when all bigger problems are solved.

Best regards
Konstantin

-----Original Message-----
From: Anne Anderson [mailto:Anne.Anderson@Sun.com]
Sent: Wednesday, April 17, 2002 12:41 PM
To: xacml@lists.oasis-open.org
Subject: Re: [xacml] apr15 schema subcom issues


On 17 April, ernesto damiani writes: [xacml] apr15 schema subcom issues
 > One more comment about OCL: it has been used with mixed results as a query
 > language for class declaration repositories, e.g. to select existing
 > declaration and implementations that "match" a given template.
 > As a language for describing algorithms from scratch well... it has its
 > drawbacks.

OCL was used in the following two access control policy
projects, but I had trouble understanding the resulting
specifications.

  author = 	 {F. Chen and R. S. Sandhu},
  title = 	 {Constraints for Role-Based Access Control},
  booktitle = 	 {Proceedings of the 1st {ACM}/{NIST} Role Based Access Control Workshop, Gaithersburg, Maryland, {USA}},
  OPTcrossref =  {},
  OPTkey = 	 {},
  OPTpages = 	 {},
  year =	 {1995},
  OPTeditor = 	 {},
  OPTvolume = 	 {},
  OPTnumber = 	 {},
  OPTseries = 	 {},
  OPTaddress = 	 {},
  OPTmonth = 	 {},
  OPTorganization = {},
  publisher =	 {{ACM} Press},
  note =	 {cited in \cite{damianou:1}.  Uses OCL \cite{uml:1}.},
  OPTannote = 	 {}

@TechReport{damianou:1,
  author = 	 {Nicodemos Damianou and Naranker Dulay and Emil Lupu and Morris Sloman},
  title = 	 {The Ponder Policy Specification Language},
  institution =  {Dept. of Computing, Imperial College, London},
  year = 	 {2000},
  OPTkey = 	 {},
  OPTtype = 	 {},
  number =	 {V5},
  address =	 {\htmladdnormallink{http://www.doc.ic.ac.uk/$\sim$mss/Papers/Ponder-summary.pdf}{http://www.doc.ic.ac.uk/~mss/Papers/Ponder-summary.pdf}},
  month =	 {Aug},
  note =	 {Very similar to \cite{damianou:5}},
  annote =	 {paper copy in Phase 2 library}
}

Anne
-- 
Anne H. Anderson             Email: Anne.Anderson@Sun.COM
Sun Microsystems Laboratories
1 Network Drive,UBUR02-311     Tel: 781/442-0928
Burlington, MA 01803-0902 USA  Fax: 781/442-1692
