OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [xacml] RE: Context Handler

I agree partially with both Erik and Ray.

I don't think a new architectural component is required.  "Context handler" is sufficiently underspecified to allow any desired level of semantic entailment.

I don't think semantic entailment should be "just another PIP", although it could probably be implemented that way.

The important point is that there must be some way for the policy author to specify the ontology that governs the world for which he is writing policies.  And, developers of PEPs and PIPs must know about this ontology.

Currently, policy authors and component developers only need to agree on a common attribute vocabulary.  For semantic XACML, they need furthermore to agree on an ontology that defines classes and relationships among them.  This agreement could happen "out of band" (as currently happens with the attribute vocabulary), or it could be specified in a XACML syntax instance (perhaps by naming an ontology in a Policy or PolicySet).

Regards,
--Paul

> -----Original Message-----
> From: xacml@lists.oasis-open.org [mailto:xacml@lists.oasis-open.org] On
> Behalf Of Erik Rissanen
> Sent: Monday, 19 December, 2011 07:59
> To: remon.sinnema@emc.com
> Cc: xacml@lists.oasis-open.org
> Subject: Re: [xacml] RE: Context Handler
> 
> Hi Ray,
> 
> I did not understand that. As far as I can see, when the PDP needs the
> "type" attribute, it can ask a PIP to provide it. The PIP has all
> attributes of the request available as key values. How is this
> different
> from  a REP? The available information seems to be the same in either
> case. What did I not get?
> 
> Best regards,
> Erik
> 
> On 2011-12-19 11:43, remon.sinnema@emc.com wrote:
> > Erik,
> >
> >
> >> -----Original Message-----
> >> From: xacml@lists.oasis-open.org [mailto:xacml@lists.oasis-open.org]
> On
> >> Behalf Of Erik Rissanen
> >> Sent: Monday, December 19, 2011 11:08 AM
> >> To: Sinnema, Remon
> >> Cc: xacml@lists.oasis-open.org
> >> Subject: Re: [xacml] RE: Context Handler
> >>
> >> To add hierarchical actions or semantic entailment, you can provide
> this
> >> through a PIP in the architecture. Why would you need to change
> anything?
> > Semantic entailment can *not* be done through a PIP (see the email
> thread Paul and I exchanged on this subject), and I'm sure that there
> are other examples like that.
> >
> > Thanks,
> > Ray
> >
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: xacml-unsubscribe@lists.oasis-open.org
> For additional commands, e-mail: xacml-help@lists.oasis-open.org

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]