xacml message
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [List Home]
Subject: Brief summary of yesterday's focus group call
- From: Tim Moses <tim.moses@entrust.com>
- To: XACML <xacml@lists.oasis-open.org>
- Date: Fri, 25 Mar 2005 12:59:50 -0500
Title: Message
Present: Erik,
Frank, Simon, Tim. Dave
We briefly discussed
the 'generalization' draft. There were no objections to the direction it
is taking.
We discussed Hal's
draft on policy administration. Erik had provided comments and Frank has
mailed a revised draft to the list.
There was agreement
that 'flattening' is useful for 'administration' policies and for 'dynamic'
policies that may be re-used. Flattening is only practical with a
restricted form of the <Condition> element.
Frank pointed out
that it will be the job of the context handler to construct the policy
chain, by making repeated requests to the PDP. He advocates adding an
element to <Target> to accommodate a 'Delegate' match specification.
He raised the possibility of making <Target> even more general by allowing
it to contain a conjunction of any match specifications. This
suggestion had previously been made by Daniel. But, timing prevented us
from considering the suggestion for v2.0.
The topic of issuers
constraining delegation depth was raised and it was generally felt that this
feature should be included.
Dave asked about
separation of duties and whether administration policies need to accommodate
such constraints. Tim suggested that separation of duty rules should
appear in the access policy, not in the administration
policy.
Frank reminded us
that we need to modify the request context to accommodate policies supplied by
the access requestor.
Discussion will
continue on the list. Frank committed to issuing a new working draft on or
before the 5th of April.
All the best.
Tim.
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [List Home]