Subject: Re: [Re: [xacml] obligations & error conditions] - PROPOSAL (fwd)
On this argument again, maybe I can make myself quite clear by stating who is writing the access control policies.

I am using XACML, and some XACML-compliant product, so I, *me*, the proverbial purveyor of AUTHORITY in my organization. So I can WRITE MY POLICY governing access control.

Nowhere in the entire XACML document does it say that I should Deny access to people under 5ft, or to allow access to the Cookie Monster. It is completely POLICY INDEPENDENT, because, of course, that is MY business, not yours.

The way I deploy the product, and the way I configure my access control system is under my control, under MY POLICY, nobody else's. If the damn product comes up with something I didn't expect from MY policies, then that is still MY POLICY of how I deal with that. Nobody else's.

Your "default policy", as you write, is a POLICY. And since it is a POLICY, you have no business telling me what should be contained in it. It's a policy, my policy.

XACML tells me how to write policies. It doesn't mandate what they should be.

Cheers,
-Polar