OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [xacml] RE: [xacml-comment] Public Comment

i think this plays well with the concept of a PDP root policy(set).

b

Hal Lockhart wrote:
> I think the idea of more defaults is a good one and I am forwarding this
> to the TC list.
> 
> However, based on past discussions, I believe the TC would be more
> likely to select "deny-overrides" as the default.
> 
> Hal
> 
> 
>>-----Original Message-----
>>From: comment-form@oasis-open.org [mailto:comment-form@oasis-open.org]
>>Sent: Tuesday, December 20, 2005 11:48 AM
>>To: xacml-comment@lists.oasis-open.org
>>Subject: [xacml-comment] Public Comment
>>
>>Comment from: ludwig@sics.se
>>
>>Name: Ludwig Seitz
>>Title: PhD Researcher
>>Organization: Security, Policy and Trust Laboratory, SICS, Sweden
>>Regarding Specification: XACML
>>
>>Hello all,
>>I wanted to suggest some points for the XACML standard with the goal
> 
> of
> 
>>simplifying XACML Policies (by reducing their verboseness).
>>
>>1. Define a default policy/rule combining algorithm, e.g. "permit-
>>overrides", if the attribute PolicyCombiningAlgId/RuleCombiningAlgId
> 
> is
> 
>>missing from a PolicySet/Policy tag.
>>
>>2. Define "string-equal" as default MatchId attribute in SubjectMatch,
>>ResourceMatch and ActionMatch tags.
>>
>>3. Define "http://www.w3.org/2001/XMLSchema#string"; as default
> 
> DataType
> 
>>attribute in AttributeValue tags.
>>
>>4. Define "urn:oasis:names:tc:xacml:1.0:subject:subject-id"/
>>"urn:oasis:names:tc:xacml:1.0:resource:resource-id"/
>>"urn:oasis:names:tc:xacml:1.0:action:action-id"
>>as default values for the AttributeId attribute of
>>SubjectAttributeDesignator/
>>ResourceAttributeDesignator/
>>ActionAttributeDesignator
>>
>>Regards,
>>
>>Ludwig Seitz
>>
>>---------------------------------------------------------------------
>>To unsubscribe, e-mail: xacml-comment-unsubscribe@lists.oasis-open.org
>>For additional commands, e-mail:
> 
> xacml-comment-help@lists.oasis-open.org
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe from this mail list, you must leave the OASIS TC that
> generates this mail.  You may a link to this group and all your TCs in OASIS
> at:
> https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php 
> 

-- 
Simula Labs
The Open Source Venture Partners
4676 Admiralty Way, Suite 520
Marina del Rey, CA 90292
t: +1 310 437-4888
f: +1 800 822-0471

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]