OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [xacml] Another public comment on admin policy

Maybe he is referring to delegation of entitlements - when the action of
a policy means "delegate" an effect of another policy - two stage
evaluation.  That is not quite what the current delegation proposal is
trying to solve, is it?
Daniel;


-----Original Message-----
From: Erik Rissanen [mailto:mirty@sics.se] 
Sent: Monday, May 29, 2006 8:31 AM
To: Anne.Anderson@sun.com
Cc: xacml; pog@itst.dk
Subject: Re: [xacml] Another public comment on admin policy

Again, I don't quite understand this. Could you provide an example or
elaborate?

However, it is possible to do a lot with custom policy combining
algorithms. I implemented my experimental delegation in XACML 1.1 using
obligations and a custom policy combining algorithm.

Best regards, Erik


Anne Anderson wrote:
> Erik?
>
> Regards,
> Anne
>
>
------------------------------------------------------------------------
>
> Subject:
> [xacml-comment] Public Comment
> From:
> comment-form@oasis-open.org
> Date:
> Mon, 29 May 2006 12:22:35 +0000
> To:
> xacml-comment@lists.oasis-open.org
>
> To:
> xacml-comment@lists.oasis-open.org
>
> Return-path:
> <xacml-comment-return-231-Anne.Anderson=sun.com@lists.oasis-open.org>
> Received:
> from sml-sfvt2a.sfvic.sunlabs.com ([152.70.2.220]) by
> mail-srv.sfvic.sunlabs.com (Sun Java System Messaging Server 6.1
> HotFix 0.02 (built Aug 25 2004)) with ESMTP id
> <0J01008ZH12AOX00@mail-srv.sfvic.sunlabs.com> for
> aa74233@sml-sfvic-mail-swan.SFBay.Sun.COM; Mon, 29 May 2006 05:22:58
> -0700 (PDT)
> Received:
> from sfbaymail1sca.SFBay.Sun.COM ([129.145.154.35]) by
> mail-swan.sfvic.sunlabs.com (Sun Java System Messaging Server 6.1
> HotFix 0.02 (built Aug 25 2004)) with ESMTP id
> <0J0100GY312A8G00@mail-swan.sfvic.sunlabs.com> for
> aa74233@sml-sfvic-mail-swan.SFBay.Sun.COM (ORCPT
> Anne.Anderson@sun.com); Mon, 29 May 2006 05:22:58 -0700 (PDT)
> Received:
> from sunmail2.sfbay.sun.com (sunmail2.SFBay.Sun.COM [129.149.246.180])
> by sfbaymail1sca.SFBay.Sun.COM (8.12.10+Sun/8.12.10/ENSMAIL,v2.2) with
> ESMTP id k4TCMwtx020565 for <anne.anderson@sfbay.sun.com>; Mon, 29 May
> 2006 05:22:58 -0700 (PDT)
> Received:
> from nwk-avmta-1.SFBay.Sun.COM (nwk-avmta-1.SFBay.Sun.COM
> [129.149.246.28]) by sunmail2.sfbay.sun.com
> (8.11.7p1+Sun/8.11.7/ENSMAIL,v2.2) with ESMTP id k4TCMwu11651 for
> <@sunmail2.sfbay.sun.com:Anne.Anderson@sun.com>; Mon, 29 May 2006
> 05:22:58 -0700 (PDT)
> Received:
> from pmxchannel-daemon.nwk-avmta-1.sfbay.Sun.COM by
> nwk-avmta-1.sfbay.Sun.COM (Sun Java System Messaging Server 6.2 (built
> Dec 2 2004)) id <0J0100L0N1270D00@nwk-avmta-1.sfbay.Sun.COM> for
> Anne.Anderson@sun.com (ORCPT Anne.Anderson@sun.com); Mon, 29 May 2006
> 05:22:55 -0700 (PDT)
> Received:
> from brmea-mail-3.sun.com ([192.18.98.34]) by
> nwk-avmta-1.sfbay.Sun.COM (Sun Java System Messaging Server 6.2 (built
> Dec 2 2004)) with ESMTP id
> <0J0100JES126HX50@nwk-avmta-1.sfbay.Sun.COM> for Anne.Anderson@sun.com
> (ORCPT Anne.Anderson@sun.com); Mon, 29 May 2006 05:22:54 -0700 (PDT)
> Received:
> from relay21.sun.com (relay21.sun.com [192.12.251.14] (may be forged))
> by brmea-mail-3.sun.com (8.12.10/8.12.9) with ESMTP id k4TCMrfG000831
> for <Anne.Anderson@sun.com>; Mon, 29 May 2006 06:22:54 -0600 (MDT)
> Received:
> from mms26es.sun.com (mms26es.sun.com [150.143.232.114]) by
> relay21.sun.com with ESMTP for Anne.Anderson@sun.com; Mon, 29 May 2006
> 12:22:53 +0000 (Z)
> Received:
> from relay23.sun.com (relay23.sun.com [192.12.251.54]) by
> mms26es.sun.com with ESMTP for Anne.Anderson@sun.com; Mon, 29 May 2006
> 12:22:51 +0000 (Z)
> Received:
> from mail.oasis-open.org ([209.202.168.106] [209.202.168.106]) by
> relay23.sun.com for Anne.Anderson@sun.com; Mon, 29 May 2006 12:22:51
> +0000 (Z)
> Received:
> (qmail 13849 invoked by uid 508); Mon, 29 May 2006 12:22:38 +0000
> Received:
> (qmail 13840 invoked by uid 60881); Mon, 29 May 2006 12:22:38 +0000
> Sender:
> xacml-comment-return-231-Anne.Anderson=sun.com@lists.oasis-open.org
> Reply-To:
> pog@itst.dk
> Message-ID:
> <20060529122235.22617.qmail@eos.oasis-open.org>
> MIME-Version:
> 1.0
> Content-type:
> TEXT/PLAIN
> Content-transfer-encoding:
> 7BIT
> Precedence:
> bulk
> Delivered-to:
> mailing list xacml-comment@lists.oasis-open.org
> Mailing-List:
> contact xacml-comment-help@lists.oasis-open.org; run by ezmlm
> X-PMX-Version:
> 5.1.2.240295
> List-Post:
> <mailto:xacml-comment@lists.oasis-open.org>
> List-Subscribe:
> <mailto:xacml-comment-subscribe@lists.oasis-open.org>
> List-Unsubscribe:
> <mailto:xacml-comment-unsubscribe@lists.oasis-open.org>
> List-Help:
> <mailto:xacml-comment-help@lists.oasis-open.org>
> X-No-Archive:
> yes
> Original-recipient:
> rfc822;Anne.Anderson@sun.com
>
>
> Comment from: pog@itst.dk
>
> Name: Alt. Solution II
> Title: IT-architect
> Organization: ISK, ITST, MVTU
> Regarding Specification: XACML v3.0 administrative policy
>
> A remark on page 9: Has there been any consideration on using XACML as
is?
>
> Delegation is one policy reformulated into a policy set and split into
two policies.
>
> The Policy-Combining algorithm is given the existence of the original
policy as a prerequisite.
>
> The first of the new policies describes the rule constraining the
relation between the original holder and new.
>
> The second of the new policies describes the rule constraining the
relation between the new holder and the original resource.
>
> Kind Regards
> Per-Olav Gramstad
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: xacml-comment-unsubscribe@lists.oasis-open.org
> For additional commands, e-mail:
xacml-comment-help@lists.oasis-open.org
>
>
>   
>
------------------------------------------------------------------------
>
> ---------------------------------------------------------------------
> To unsubscribe from this mail list, you must leave the OASIS TC that
> generates this mail.  You may a link to this group and all your TCs in
OASIS
> at:
> https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php




---------------------------------------------------------------------
To unsubscribe from this mail list, you must leave the OASIS TC that
generates this mail.  You may a link to this group and all your TCs in
OASIS
at:
https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php 

_______________________________________________________________________
Notice:  This email message, together with any attachments, may contain
information  of  BEA Systems,  Inc.,  its subsidiaries  and  affiliated
entities,  that may be confidential,  proprietary,  copyrighted  and/or
legally privileged, and is intended solely for the use of the individual
or entity named in this message. If you are not the intended recipient,
and have received this message in error, please immediately return this
by email and then delete it.

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]