[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: Re: [xacml] proposal for action-id, subject-id, and required Attributes
On Tue, 3 Sep 2002, Anne Anderson wrote: > On 3 September, Polar Humenn writes: Re: [xacml] proposal for action-id, subject-id, and required Attributes > > Anne, again, just requiring the Subject to have "one other" attribute, > > which is "typically" the "subject-id", doesn't really buy you much. > > > > I suggest that we should take a stance of being consistent across all > > subjects, actions, and resources. For each, either that no attributes are > > guarranteed to be there, or they all have at least one attribute available > > and we know explicitly what that attribute is. > > I vote for "no attributes are guaranteed to be there". I do not > care whether we make minOccurs=0 or 1, although I think we can > eliminate some meaningless cases by requiring at least 1, even if > we do not specify which one that is. All I am saying that requiring 1 attribute without knowing what that attribute is, doesn't make the situation any more "meaningful". However, I don't see the sense in not being able to write a policy about a subject, resource, and action, that is guarranteed to work on all PEP-PDP XACML interfaces. -Polar
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC