[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [xacml] Comments on xacml-profile-hierarchical-resources draft
On 14 July, Bill Parducci writes: Re: [xacml] Comments on xacml-profile-hierarchical-resources draft > Anne Anderson wrote: > > > 2. An XML document treated as a single resource, but where > > constraints MAY depend on the values of specific nodes in the > > resource, A subject wants to view a given hospital patient record, which is an XML document file. The policy is that subjects can view patient records only if they are in role "hospital administrator" or if their "subject-id" matches the <attending physician> or <patient name> values in the patient record. The system does not want to have to ask about each node in the record, because its policy is either to give access to the entire document or not at all. I think this is a realistic use case. > > 3. A node subtree of an XML document treated as a single resource, > > again where constraints may depend on the values of specific > > nodes in the resource, > > if someone has a use case for either of these i would be interested in > seeing it. I do not know of a real use case here. It would most likely occur if some system kept a large virtual XML document such as <HospitalRecords> containing a sequence of individual <PatientRecord> sub-documents (as in case 2 above). Anne -- Anne H. Anderson Email: Anne.Anderson@Sun.COM Sun Microsystems Laboratories 1 Network Drive,UBUR02-311 Tel: 781/442-0928 Burlington, MA 01803-0902 USA Fax: 781/442-1692
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]