xacml message
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [List Home]
Subject: RE: [xacml] REST Profile - PAP Issues
- From: Craig R Forster <cforster@us.ibm.com>
- To: Hal Lockhart <hal.lockhart@oracle.com>
- Date: Thu, 31 May 2012 18:10:52 -0500
>> we should split off the policy management aspects into a different profile and drive the REST-based decision request to completion.
Without the policy administration, there's nothing left that is "REST". All we have is a HTTP POST binding for XACML requests and responses, with perhaps a JSON representation. Calling this a "REST profile" wouldn't be accurate.
Regards,
Craig
-------
craig forster | technical lead, tivoli security policy manager
cforster@us.ibm.com
-------
Hal Lockhart ---05/31/2012 09:55:49 AM---> Accessing policies via REST is pretty straightforward. The tricky part > is the semantics behind
From: |
Hal Lockhart <hal.lockhart@oracle.com> |
To: |
Danny Thorpe <Danny.Thorpe@quest.com>, remon.sinnema@emc.com, |
Cc: |
xacml@lists.oasis-open.org |
Date: |
05/31/2012 09:55 AM |
Subject: |
RE: [xacml] REST Profile - PAP Issues |
Sent by: |
<xacml@lists.oasis-open.org> |
> Accessing policies via REST is pretty straightforward. The tricky part
> is the semantics behind POST for policy revision. If we can't find an
> abstraction that we can be confident will be compatible with an as yet
> undefined policy management policy/semantic, perhaps the best step for
> moving the REST profile along is to remove policy POST from the REST
> spec for the moment?
I think XACML has benefitted from having a relatively clear model of the relationship between the PEP and the PDP. In particular it has guided decisions about what aspects to standardize and what to leave unspecified.
Currently the PAP concept is pretty vague. I think we need to break it up into subcomponents and define their relationships. This will give us the ability to decide what aspects should be standardized, what properties the components are required to implement and where the opportunities for unstandardized value add are.
I therefore agree with Danny that we should split off the policy management aspects into a different profile and drive the REST-based decision request to completion. I am uncertain whether this should wait on the JSON representation or that should be put off to a later version. An additional possible advantage of this approach is that it may be prove much simpler to specify the Request in JSON than the policy language.
Hal
---------------------------------------------------------------------
To unsubscribe, e-mail: xacml-unsubscribe@lists.oasis-open.org
For additional commands, e-mail: xacml-help@lists.oasis-open.org
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [List Home]