
Subject: Re: [xacml] RE: [xacml-comment] Public Comment



I still do not get the concept of a Root Policy set.

Of what purpose would this serve in the standard?

It might serve as a product instruction manual which is a single 
monolithic PDP saying that there is one policy which is the root of that 
PDP, which is either a PolicySet or Policy.

If you are pulling out relevant policies out of an LDAP server (only for 
example), then where is this "root"?

-Polar


On Wed, 21 Dec 2005, Bill Parducci wrote:

> i think this plays well with the concept of a PDP root policy(set).
>
> b
>
> Hal Lockhart wrote:
>> I think the idea of more defaults is a good one and I am forwarding this
>> to the TC list.
>> 
>> However, based on past discussions, I believe the TC would be more
>> likely to select "deny-overrides" as the default.
>> 
>> Hal
>> 
>> 
>>> -----Original Message-----
>>> From: comment-form@oasis-open.org [mailto:comment-form@oasis-open.org]
>>> Sent: Tuesday, December 20, 2005 11:48 AM
>>> To: xacml-comment@lists.oasis-open.org
>>> Subject: [xacml-comment] Public Comment
>>> 
>>> Comment from: ludwig@sics.se
>>> 
>>> Name: Ludwig Seitz
>>> Title: PhD Researcher
>>> Organization: Security, Policy and Trust Laboratory, SICS, Sweden
>>> Regarding Specification: XACML
>>> 
>>> Hello all,
>>> I wanted to suggest some points for the XACML standard with the goal of
>>> simplifying XACML Policies (by reducing their verboseness).
>>> 
>>> 1. Define a default policy/rule combining algorithm, e.g. "permit-overrides",
>>> if the attribute PolicyCombiningAlgId/RuleCombiningAlgId is
>>> missing from a PolicySet/Policy tag.
>>> 
>>> 2. Define "string-equal" as default MatchId attribute in SubjectMatch,
>>> ResourceMatch and ActionMatch tags.
>>> 
>>> 3. Define "http://www.w3.org/2001/XMLSchema#string" as default DataType
>>> attribute in AttributeValue tags.
>>> 
>>> 4. Define "urn:oasis:names:tc:xacml:1.0:subject:subject-id"/
>>> "urn:oasis:names:tc:xacml:1.0:resource:resource-id"/
>>> "urn:oasis:names:tc:xacml:1.0:action:action-id"
>>> as default values for the AttributeId attribute of
>>> SubjectAttributeDesignator/
>>> ResourceAttributeDesignator/
>>> ActionAttributeDesignator
>>> 
>>> Regards,
>>> 
>>> Ludwig Seitz
>>> 
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: xacml-comment-unsubscribe@lists.oasis-open.org
>>> For additional commands, e-mail: xacml-comment-help@lists.oasis-open.org
>> 
>> 
>> ---------------------------------------------------------------------
>> To unsubscribe from this mail list, you must leave the OASIS TC that
>> generates this mail.  You may a link to this group and all your TCs in 
>> OASIS
>> at:
>> https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php 
>
> -- 
> Simula Labs
> The Open Source Venture Partners
> 4676 Admiralty Way, Suite 520
> Marina del Rey, CA 90292
> t: +1 310 437-4888
> f: +1 800 822-0471
>
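
The four defaults proposed in the quoted public comment can be written out explicitly by a pre-processor, which also shows why the choice of default combining algorithm matters for an abbreviated policy. This is an added example, not code from the thread or from the XACML specification. Assumptions: the names `expand_defaults` and `combine` are hypothetical, the sample policy is constructed, and `combine` is a simplified model that ignores Indeterminate results.

```python
import xml.etree.ElementTree as ET

XS_STRING = "http://www.w3.org/2001/XMLSchema#string"
STRING_EQUAL = "urn:oasis:names:tc:xacml:1.0:function:string-equal"
ALG = "urn:oasis:names:tc:xacml:1.0:{kind}-combining-algorithm:{name}"
DEFAULT_IDS = {  # item 4 of the proposal
    "Subject": "urn:oasis:names:tc:xacml:1.0:subject:subject-id",
    "Resource": "urn:oasis:names:tc:xacml:1.0:resource:resource-id",
    "Action": "urn:oasis:names:tc:xacml:1.0:action:action-id",
}
# Constructed sample: a policy abbreviated the way the proposal would allow.
SAMPLE = """<Policy PolicyId="constructed-example">
  <Rule RuleId="r1" Effect="Permit"><Target><Subjects><Subject>
    <SubjectMatch>
      <AttributeValue>alice</AttributeValue>
      <SubjectAttributeDesignator/>
    </SubjectMatch>
  </Subject></Subjects></Target></Rule>
  <Rule RuleId="r2" Effect="Deny"/>
</Policy>"""

def expand_defaults(policy_xml, combining="deny-overrides"):
    """Write the proposed defaults out explicitly; return (root, filled)."""
    root = ET.fromstring(policy_xml)
    filled = []  # (element, attribute) pairs that were implicit

    def default(el, name, attr, value):
        if attr not in el.attrib:  # never overwrite an explicit value
            el.set(attr, value)
            filled.append((name, attr))

    for el in root.iter():
        name = el.tag.rsplit("}", 1)[-1]  # local name, namespace ignored
        if name == "PolicySet":  # item 1
            default(el, name, "PolicyCombiningAlgId", ALG.format(kind="policy", name=combining))
        elif name == "Policy":  # item 1
            default(el, name, "RuleCombiningAlgId", ALG.format(kind="rule", name=combining))
        elif name == "AttributeValue":  # item 3
            default(el, name, "DataType", XS_STRING)
        elif name.endswith("Match") and name[:-5] in DEFAULT_IDS:  # item 2
            default(el, name, "MatchId", STRING_EQUAL)
        elif name.endswith("AttributeDesignator") and name[:-19] in DEFAULT_IDS:  # item 4
            default(el, name, "AttributeId", DEFAULT_IDS[name[:-19]])
    return root, filled

def combine(effects, combining):
    """Simplified combining of applicable rule effects (Indeterminate not modelled)."""
    winner = "Permit" if combining == "permit-overrides" else "Deny"
    if winner in effects:
        return winner
    return effects[0] if effects else "NotApplicable"
```

The `filled` list gives a policy reviewer the set of values that were implicit, and the two candidate defaults named in the thread give opposite decisions when both rules of the sample apply.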

