OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Revised Issue#5 text:inclusion of policies in Request Context


Seth pointed out that I did not address whether policies included in a 
Request Context can reference external policies, and whether policies 
included in a Request Context can use Attributes that are not included 
in the Request Context.  My proposal to both is yes.  Here is revised text:

"A Request Context MAY include an XACML Policy or PolicySet element that 
contains access or administrative policies. Where such an element is 
present, the policies MAY be used by the PDP for evaluation of the 
current authorization decision request only, including any modified 
Request Contexts generated as part of Administrative Policy evaluation 
of the current request. Such policies MAY reference external policies 
not included in the Request Context, and MAY be evaluated using 
Attributes not provided in the decision request by the PEP; that is, 
such policies, once in use by the PDP, are treated as any other policy 
used by the PDP.  Whether such policies are used, and the combining 
algorithm for combining them with any other policies applicable to the 
authorization decision request, are dependent on the implementation of 
the PDP."

We might want to include
1) Whether included policies are used, and
2) How included policies are combined with others

in the PDP metadata proposed in Issue#36.

Regards,
Anne
-- 
Anne H. Anderson             Email: Anne.Anderson@Sun.COM
Sun Microsystems Laboratories
1 Network Drive,UBUR02-311     Tel: 781/442-0928
Burlington, MA 01803-0902 USA  Fax: 781/442-1692


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]