OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Re: Minor XACML Spec errata and resource labels


Dear Jeff,

Thank you for the erratum.  I have forwarded it to the
xacml-comment mailing list.

I assume, by "resource label", you mean a classification scheme
and a classification value, such as "U.S. Navy Classification
System XYZ" "top secret".  This could be expressed in XACML as an
"Attribute" of the Resource.  The AttributeId could be a URN
indicating the classification scheme, and the AttributeValue
could be the classification value.

Does this satisfy your requirements?

Anne Anderson

On 19 April, Jeff writes: Minor XACML Spec errata and resource labels
 > From: "Jeff" <jeff@cogentlogic.com>
 > To: <Anne.Anderson@sun.com>
 > Subject: Minor XACML Spec errata and resource labels
 > Date: Sat, 19 Apr 2003 17:02:54 -0400
 > 
 > Hi Anne,
 > 
 > Thanks for all the great XACML work :-)
 > 
 > There's a minor error on line 1674 (page 44, PolicySet line [071]) of oasis-####-xacml-1.0.pdf: please remove the trailing slash.
 > 
 > I don't see anything in XACML relating to resource labels (in fact the word label doesn't appear at all in oasis-####-xacml-1.0.pdf!). Resource labels are part of the authorization support in the X.509 standard and are used in several RBAC implementations. Resource labels are useful in enabling resource characteristics (i) to be set on resources and (ii) to form part of access control decisions. I feel sure that you must be aware of this and can only conclude that a PolicySet is intended to act as a resource label (in addition to acting as a policy set!). Is this correct?
 > 
 > 
 > Warmest regards,
 > 
 > Jeff Lawson
 > Cogent Logic
 > Toronto, Canada
 > (416) 340 8025
 > 
 > 
 > 
 > -----Original Message-----
 > From: Anne Anderson [mailto:Anne.Anderson@Sun.com]
 > Sent: Thursday, January 16, 2003 1:50 PM
 > To: XACML COMMENT
 > Cc: XACML TC
 > Subject: [xacml-comment] Minor XACML Spec errata
 > 
 > 
 > These should go into the Errata document (if they are approved by
 > the TC):
 > 
 > 
 > * page 62, line 2492: there is no DataType in
 >   AttributeAssignment.  There is a DataType in the base type, but
 >   other descriptions of extended types do not call out attributes
 >   that have been defined in the base type.
 > * page 69, line 2773: B.7 should be B.9
 > * page 75, line 2961: there is no Issuer in an AttributeSelector,
 >   so Issuer should be removed.
 > * page 85, line 3317: resource-id should be marked Mandatory
 > 
 > Anne
 > -- 
 > Anne H. Anderson             Email: Anne.Anderson@Sun.COM
 > Sun Microsystems Laboratories
 > 1 Network Drive,UBUR02-311     Tel: 781/442-0928
 > Burlington, MA 01803-0902 USA  Fax: 781/442-1692
 > 
 > 
 > ----------------------------------------------------------------
 > To subscribe or unsubscribe from this elist use the subscription
 > manager: <http://lists.oasis-open.org/ob/adm.pl>
 > 
 > 

-- 
Anne H. Anderson             Email: Anne.Anderson@Sun.COM
Sun Microsystems Laboratories
1 Network Drive,UBUR02-311     Tel: 781/442-0928
Burlington, MA 01803-0902 USA  Fax: 781/442-1692



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]