xacml message

Subject: DLP-NAC: Multiple Resource-IDs in a single request


What is the best method to satisfy this use case (provided by NextLabs)? Policy authors need to be able to express that users cannot copy content from one resource-id to another. What is the expected behavior of the PDP when it receives an XACML request with two or more subject Resource-ID attributes?

 

 

1.1.1 Prevent sensitive data from being copied from one resource to another

Acme security policy prohibits copying proprietary information from one resource to another.  Alice attempts to copy sensitive data from one resource to a new one she just created.  The request fails.  Sample attributes and values are listed below.

 

Resource Attributes     Values
Resource-ID             http://confidential.acme.com/eyes-only.xml
Resource-ID             http://confidential.acme.com/in-the-clear.xml
Resource-location       webserver1.acme.com

Subject Attributes      Values
Subject-ID              Alice
Subject-ID-qualifier    acme.com

Action Attributes       Values
Action-ID               Copy

1.1.1.1 Description

This sample policy can be summarized as follows:

 

Target: This policy is only applicable if Resource-location = “webserver1.acme.com”
AND Resource-ID contains “confidential\.acme\.com”

Rule: This rule is only applicable if Action-ID contains “Copy”

Then if
Subject-ID-qualifier = “acme.com” AND Resource-ID = Resource-ID
DENY

 
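Added example, not part of the message above or of any NextLabs/OASIS code: a small Python model of the XACML 3.0 bag semantics a PDP applies when a single request carries both Resource-ID values from the table. It builds the request (constructed from the use-case table; the Resource-location attribute has no standard URN, so `urn:example:acme:resource-location` is made up here), shows that the policy Target matches because `<Match>` is any-of over the bag, and shows that a condition written literally as "Resource-ID = Resource-ID" gives Indeterminate rather than Deny once `string-one-and-only` sees two values. The `evaluate` function then reads the copy intent as "at least two distinct resource-ids in the bag"; that reading, and the "contains" treatment of `string-regexp-match`, are choices made for this example, not the thread's answer.

```python
"""Toy XACML 3.0 bag-semantics model for the DLP-NAC copy use case (example code)."""
import re
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

XACML_NS = "urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"
XS_STRING = "http://www.w3.org/2001/XMLSchema#string"
RESOURCE_CAT = "urn:oasis:names:tc:xacml:3.0:attribute-category:resource"
SUBJECT_CAT = "urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"
ACTION_CAT = "urn:oasis:names:tc:xacml:3.0:attribute-category:action"
RESOURCE_ID = "urn:oasis:names:tc:xacml:1.0:resource:resource-id"
SUBJECT_ID = "urn:oasis:names:tc:xacml:1.0:subject:subject-id"
SUBJECT_QUAL = "urn:oasis:names:tc:xacml:1.0:subject:subject-id-qualifier"
ACTION_ID = "urn:oasis:names:tc:xacml:1.0:action:action-id"
RESOURCE_LOCATION = "urn:example:acme:resource-location"  # hypothetical URN, no standard one exists


class Indeterminate(Exception):
    """Raised where the spec says a function application yields Indeterminate."""


def build_request(resource_ids, location="webserver1.acme.com",
                  subject="Alice", qualifier="acme.com", action="Copy"):
    """Constructed <Request>: every resource_ids entry becomes one <AttributeValue>
    under a single resource-id <Attribute>, i.e. one bag of values."""
    def block(category, items):
        lines = [f'  <Attributes Category="{category}">']
        for attr_id, values in items:
            lines.append(f'    <Attribute AttributeId="{attr_id}" IncludeInResult="false">')
            lines += [f'      <AttributeValue DataType="{XS_STRING}">{escape(v)}</AttributeValue>'
                      for v in values]
            lines.append("    </Attribute>")
        lines.append("  </Attributes>")
        return "\n".join(lines)
    body = "\n".join([
        block(RESOURCE_CAT, [(RESOURCE_ID, resource_ids), (RESOURCE_LOCATION, [location])]),
        block(SUBJECT_CAT, [(SUBJECT_ID, [subject]), (SUBJECT_QUAL, [qualifier])]),
        block(ACTION_CAT, [(ACTION_ID, [action])]),
    ])
    return (f'<Request xmlns="{XACML_NS}" CombinedDecision="false" '
            f'ReturnPolicyIdList="false">\n{body}\n</Request>')


def attribute_bag(request_xml, category, attribute_id):
    """What an AttributeDesignator returns: the bag (list) of values, possibly empty."""
    ns = {"x": XACML_NS}
    bag = []
    for attrs in ET.fromstring(request_xml).findall("x:Attributes", ns):
        if attrs.get("Category") != category:
            continue
        for attr in attrs.findall("x:Attribute", ns):
            if attr.get("AttributeId") == attribute_id:
                bag += [v.text for v in attr.findall("x:AttributeValue", ns)]
    return bag


def match_any(func, literal, bag):
    """<Match> semantics (core spec 7.7): true if func holds for at least one bag value."""
    return any(func(literal, v) for v in bag)


def regexp_match(pattern, value):
    """Models string-regexp-match loosely as 'contains', as the use-case text puts it."""
    return re.search(pattern, value) is not None


def one_and_only(bag):
    """string-one-and-only: the step needed before string-equal can see a designator's
    bag. Any bag size other than 1 is an error, i.e. Indeterminate."""
    if len(bag) != 1:
        raise Indeterminate(f"bag has {len(bag)} values, expected exactly 1")
    return bag[0]


def naive_condition(request_xml):
    """'Resource-ID = Resource-ID' written literally. With two resource-ids the
    one-and-only step fails, so the rule is Indeterminate, not Deny."""
    rid = attribute_bag(request_xml, RESOURCE_CAT, RESOURCE_ID)
    try:
        return one_and_only(rid) == one_and_only(rid)
    except Indeterminate:
        return "Indeterminate"


def evaluate(request_xml):
    """Decision of the use case's single policy/rule for one request."""
    rid = attribute_bag(request_xml, RESOURCE_CAT, RESOURCE_ID)
    loc = attribute_bag(request_xml, RESOURCE_CAT, RESOURCE_LOCATION)
    qual = attribute_bag(request_xml, SUBJECT_CAT, SUBJECT_QUAL)
    act = attribute_bag(request_xml, ACTION_CAT, ACTION_ID)
    # Policy target: each <Match> is any-of over its bag, so one confidential
    # resource-id in the bag is enough for the target to match.
    if not (match_any(str.__eq__, "webserver1.acme.com", loc)
            and match_any(regexp_match, r"confidential\.acme\.com", rid)):
        return "NotApplicable"
    if not match_any(regexp_match, "Copy", act):  # rule target
        return "NotApplicable"
    # Rule condition. Example's own reading of the intent: a copy names a source
    # and a destination, so require at least two distinct resource-ids in the bag.
    try:
        copy_between_resources = len(set(rid)) >= 2
        if copy_between_resources and one_and_only(qual) == "acme.com":
            return "Deny"
        return "NotApplicable"
    except Indeterminate:
        return "Indeterminate"


SAMPLE_REQUEST = build_request([
    "http://confidential.acme.com/eyes-only.xml",
    "http://confidential.acme.com/in-the-clear.xml",
])
```

Running `evaluate(SAMPLE_REQUEST)` yields Deny, while `naive_condition(SAMPLE_REQUEST)` yields Indeterminate; with a single resource-id the naive comparison is trivially true and the bag-size reading falls to NotApplicable, which is why the multi-valued bag, not the equality, is what carries the source/destination information in this request shape.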
