[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Revised Issue#5 text:inclusion of policies in Request Context
Seth pointed out that I did not address whether policies included in a Request Context can reference external policies, and whether policies included in a Request Context can use Attributes that are not included in the Request Context. My proposal to both is yes. Here is revised text: "A Request Context MAY include an XACML Policy or PolicySet element that contains access or administrative policies. Where such an element is present, the policies MAY be used by the PDP for evaluation of the current authorization decision request only, including any modified Request Contexts generated as part of Administrative Policy evaluation of the current request. Such policies MAY reference external policies not included in the Request Context, and MAY be evaluated using Attributes not provided in the decision request by the PEP; that is, such policies, once in use by the PDP, are treated as any other policy used by the PDP. Whether such policies are used, and the combining algorithm for combining them with any other policies applicable to the authorization decision request, are dependent on the implementation of the PDP." We might want to include 1) Whether included policies are used, and 2) How included policies are combined with others in the PDP metadata proposed in Issue#36. Regards, Anne -- Anne H. Anderson Email: Anne.Anderson@Sun.COM Sun Microsystems Laboratories 1 Network Drive,UBUR02-311 Tel: 781/442-0928 Burlington, MA 01803-0902 USA Fax: 781/442-1692
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]