OASIS Mailing List Archives

xacml message



Subject: XACML 2.0 Work Items, V1.2


Colleagues,

This list incorporates new items people have brought to my
attention since I published our initial list.

I will be on vacation all next week, returning to the office
11 August.

Anne Anderson
--------------------------------------------------------------
Title:   XACML 2.0 Work Items
Version: 1.2
Updated: 03/08/01 (yy/mm/dd)

1. Grid Requirements

   Any XACML changes needed to satisfy Grid requirements

   STATUS: Abstract Work Item.  As specific changes are
      identified, they will become individual work items with
      their own numbers, listed here.
      Current specific work items: #2, 3, 4.

2. Location Information

   Way to pass location information needed to evaluate a policy.
   Examples of such information are:
    o where to find various Attributes,
    o where Attribute Authorities to be used are located
    o where to find function, combining algorithm, data-type,
      Attribute parsing code
   Such information might be embedded in either of
   a. an XACML Request
   b. an XACML policy

   STATUS: potential work item.  Related: #24.

3. Multiple Actions per Request

   Support Requests containing multiple Actions.  Response could
   either say "All permitted/denied" or could include a separate
   decision for each.

   STATUS: potential work item.

4. Multiple Resources per Request   

   Support Requests containing multiple Resources.  Response
   could either say "All permitted/denied" or could include a
   separate decision for each.

   STATUS: potential work item.

5. Privacy Requirements

   Any XACML changes needed to satisfy Privacy requirements.

   STATUS: Abstract Work Item.  As specific changes are
      identified, they will become individual work items with
      their own numbers, listed here.

6. Domain-specific identifiers

   Define a set of domain-specific identifiers based on
   application usage of XACML.
 
   STATUS: Postponed from 1.1.

7. ConditionReference

   Allow a Rule to contain a ConditionReference element as an
   alternative to a Condition element.  The ConditionReference
   would identify a Condition element specified elsewhere.  An
   optional ConditionId attribute would be added to the Condition
   element to support this.

   STATUS: Postponed from 1.1.
   PROPOSAL:
    http://lists.oasis-open.org/archives/xacml/200304/msg00039.html

8. RuleReference

   STATUS: Postponed from 1.1.
   PROPOSAL:
    http://lists.oasis-open.org/archives/xacml/200305/msg00004.html  

9. Hierarchical entities

   How to express policies and requests that apply to a hierarchy
   of subjects, resources, or actions.

   STATUS: Postponed from 1.1.
   PROPOSALS:
    http://lists.oasis-open.org/archives/xacml/200304/msg00057.html
    http://lists.oasis-open.org/archives/xacml/200305/msg00009.html

10. Parameters for Combining Algorithms

   Support an element or attribute in a PolicySet, Policy, or Rule
   that provides parameters to be used by a Combining Algorithm
   that is combining the PolicySet, Policy, or Rule.

   STATUS: Postponed from 1.1.
   PROPOSAL:
     http://lists.oasis-open.org/archives/xacml/200305/msg00014.html

11. XACML Extension Points

   Define schema extension points for XACML.  This work item
   might solve the requirements driving several other work
   items.

   STATUS: potential work item.

12. Environment Element in Target

   Allow the Target Element to include an Environment element,
   just as it now includes Subject, Resource, and Action
   elements.

   STATUS: Postponed from 1.1.
   PROPOSAL:
    http://lists.oasis-open.org/archives/xacml/200305/msg00012.html

13. Optional Target Elements

   Make Subjects, Resources, Actions elements optional in a
   Target.  Missing element has same semantics as <Any.../>.
   Make Target itself optional.  Missing element has same
   semantics as a Target containing <AnySubject/>,
   <AnyResource/>, <AnyAction/>.

   STATUS: potential work item.

14. Signature envelope requirements

   Any new XACML work items to meet requirements for signature
   envelopes around an XACML schema instance, such as including
   an XACML Policy or Request in a signed SAML Assertion.
    
   STATUS: Abstract Work Item.  As specific changes are
      identified, they will become individual work items with
      their own numbers, listed here.
   
15. Encrypted XACML schema instance requirements

   Any new XACML work items to meet requirements for encrypted
   XACML Policy or Context schema instances.

   STATUS: Abstract Work Item.  As specific changes are
      identified, they will become individual work items with
      their own numbers, listed here.

16. XACML Policy in SAML Response Conditions

   Profile uses of XACML Policy instances as a syntax for
   specifying Conditions in a SAML Response.

17. XACML Policy in SAML Request Conditions

   Profile use of SAML Conditions element as a way for a PEP to
   pass an XACML Policy to be used by the PDP in evaluating the
   Request.

   STATUS: potential work item.

18. Obligations in Rules

   Allow Rule to contain Obligations.

   STATUS: postponed from 1.1
   PROPOSAL:
    http://lists.oasis-open.org/archives/xacml/200305/msg00011.html

19. Rule as lowest administrative unit

   Allow a Rule to be the lowest administrative unit for XACML.
   Probably required to support RuleReference.

   STATUS: potential work item.

20. Non-normative XACML interpretation guide

   Rationale, examples, possible implementation models; general
   information that would help XACML users know the intent of the
   XACML TC for the use of XACML elements.

   STATUS: potential work item.  Probably parallel to XACML 2.0.

21. Non-normative XACML Primer

   Primer for XACML usage.

   STATUS: potential work item.  Probably parallel to XACML 2.0.

22. time-in-range function

   Provide a function for comparing that a time of day is between
   two other times of day.

   STATUS: potential work item.
   PROPOSAL:
    http://lists.oasis-open.org/archives/xacml/200307/msg00044.html

23. Use XQuery comparison functions for date, time, dateTime

   Allow date, time, and dateTime functions to handle comparing a
   value with no time zone with a value with a time zone.

   STATUS: potential work item
   PROPOSAL:
    http://lists.oasis-open.org/archives/xacml/200307/msg00044.html

24. Define a schema for function declarations

   Define a schema for declaring the signature of a function.
   Probably needed with #2 if #2 includes finding parsing and
   evaluation code for new FunctionIds.

   STATUS: potential work item.  Related: #2.

25. Function for comparing file system pathnames.

   Define a function for specifying and comparing file system
   pathnames used in resource-id.  Possibly new DataType also.

   STATUS: potential work item.

26. Define policy reduction (partial evaluation) of a policy

   Define a process for reducing a policy based on known
   information, leaving only the unresolved predicates.

   STATUS: potential work item.

-- 
Anne H. Anderson             Email: Anne.Anderson@Sun.COM
Sun Microsystems Laboratories
1 Network Drive,UBUR02-311     Tel: 781/442-0928
Burlington, MA 01803-0902 USA  Fax: 781/442-1692


