[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [xacml] Minutes of 20 May 2004 XACML Focus Group
My objection to this approach is that it moves the burden of knowing the hierarchy on the policy writer. With "ancestors" bag, one only need to know a single unique label for the resource, not its place in hierarchy (nor all its possible places in hierarchy, as in the case of the bag resource-id value) Other issue is that it doess put the burden on dealing with constructing the proper identifiers on the application, not on the authorization system. I understand that it is a rather useful case, but as it is less generic, I would suggest specifying it as a profile, or recommendation, rather then the standard approach. > a. Standard URI syntax for hierarchical resources that are not XML documents.
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]