OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [xacml] Minutes of 20 May 2004 XACML Focus Group

My objection to this approach is that it moves the burden of knowing the
hierarchy on the policy writer.   With "ancestors" bag, one only need to
know a single unique label for the resource, not its place in hierarchy
(nor all its possible places in hierarchy, as in the case of the bag
resource-id value)
Other issue is that it doess put the burden on dealing with constructing
the proper identifiers on the application, not on the authorization
system.  
I understand that it is a rather useful case, but as it is less generic,
I would suggest specifying it as a profile, or recommendation, rather
then the standard approach.

> a. Standard URI syntax for hierarchical resources that are not
   XML documents.

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]