Subject: Re: [xacml] Groups - xacml-3.0-hierarchical-v1.0-wd14.doc uploaded
Hi Mohammad,

On 22/01/2014 3:00 PM, Mohammad Jafari wrote:
> Thanks Erik. I am wondering if the work on Nested and Related Entities can influence this profile.

Probably not. Insofar as they overlap, I think the entities profile and the hierarchical profile should be considered to be alternative approaches to the same problem space, with some notable differences.

> It seems to me that “hierarchies” can be considered special cases of “related entities”.

Related entities can form an arbitrary graph, of which the hierarchies defined by the hierarchical profile are a special case. Trees can also be represented by nested entities. Here are the differences as I see them.

From the perspective of the entities profile, the resource-parent, resource-ancestor and resource-ancestor-or-self attributes are flattened attributes. They flatten the resource-id attributes of the ancestor nodes into the resource category. This is the only information from the ancestor nodes of non-XML hierarchies that can be tested by an XACML policy using the hierarchical profile. Additional flattened attributes could be defined, but that would introduce the correlation issues inherent to the use of flattened attributes.

The entities profile allows any attributes of related nodes to be tested by explicit reference to the links between nodes. Those explicit references are a limitation compared to the hierarchies profile in that the resource-ancestor and resource-ancestor-or-self attributes are defined by the transitive closure of the child-parent relationship, but the entities profile doesn't address transitive closure.

A hierarchy represented as an XML document could also be represented by nested entities. The content-selector attribute has been defined by the hierarchical profile to select the node in the hierarchy that is the resource. I haven't defined anything like that in the entities profile. The content-selector attribute uses XPath expressions. The analogue for nested entities would be an XACML expression, which would be a new data-type. I don't think that is worth doing since the situation can be handled with related entities instead of nested entities; the resource category <Attributes> element would contain the resource node and the higher and lower nodes in the hierarchy would be in other <Attributes> elements (i.e., other entities) linked by URI values.

In all, I don't see a need to change the hierarchical profile because of the entities profile. There is perhaps something that the multiple decision profile could say about a request for multiple decisions involving multiple entities, but that could be defined in the entities profile instead, if at all.

Regards,
Steven
> This might be something we can think about and discuss at the next TC call.
>
> Regards,
> Mohammad Jafari, Ph.D.
> Security Architect,
> Edmond Scientific Company
>
> *From:* xacml@lists.oasis-open.org [mailto:xacml@lists.oasis-open.org] *On Behalf Of* Erik Rissanen
> *Sent:* Tuesday, January 21, 2014 9:48 AM
> *To:* xacml@lists.oasis-open.org
> *Subject:* [xacml] Groups - xacml-3.0-hierarchical-v1.0-wd14.doc uploaded
>
> /Submitter's message/
> Updates the hierarchical profile to the current OASIS document template. There are no changes in the content, except to fit the new template and:
> - I added a subsection 1.1 to make it clear that the non-normative statement only applies to it, not the rest of section 1.
> - Changed incorrect reference to RFC2396 to the correct RFC3986
> - I had forgot to specify Rich as a co-editor when I requested the template, so I added him (I hope this does not break any TC admin metadata tracking)
> - I did a search for glossary terms and ended up marking some which were not highlighted in the previous version.
> - I fixed a few minor typos which I found.
> -- Erik Rissanen
>
> *Document Name*: xacml-3.0-hierarchical-v1.0-wd14.doc <https://www.oasis-open.org/apps/org/workgroup/xacml/document.php?document_id=52014>
>
> No description provided.
> Download Latest Revision <https://www.oasis-open.org/apps/org/workgroup/xacml/download.php/52014/latest/xacml-3.0-hierarchical-v1.0-wd14.doc>
> Public Download Link <https://www.oasis-open.org/committees/document.php?document_id=52014&wg_abbrev=xacml>
>
> *Submitter*: Erik Rissanen
> *Group*: OASIS eXtensible Access Control Markup Language (XACML) TC
> *Folder*: Specifications and Working Drafts
> *Date submitted*: 2014-01-21 08:47:38
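
The contrast drawn in the reply above, between flattened ancestor attributes and explicit links between entities, as an added example that is not part of the original thread or of either profile: it derives resource-parent, resource-ancestor and resource-ancestor-or-self by transitive closure, then shows how a second flattened attribute loses the correlation between a node and its own values. The URIs, the `owner` attribute, the `ancestor-owner` bag and all function names are assumptions made for illustration.

```python
# Constructed sample: entities linked by URI values; "owner" is a hypothetical attribute.
ENTITIES = {
    "urn:example:doc:report": {"owner": "alice",
        "parent": ["urn:example:dir:finance", "urn:example:dir:shared"]},
    "urn:example:dir:finance": {"owner": "bob", "parent": ["urn:example:dir:root"]},
    "urn:example:dir:shared": {"owner": "carol", "parent": ["urn:example:dir:root"]},
    "urn:example:dir:root": {"owner": "dave", "parent": []},
}

def ancestors(entities, node):
    """Transitive closure of the child-parent relationship (tolerates cycles)."""
    seen, stack = set(), list(entities[node]["parent"])
    while stack:
        cur = stack.pop()
        if cur not in seen:
            seen.add(cur)
            stack.extend(entities[cur]["parent"])
    return seen

def flatten(entities, node):
    """Bags a context handler could place in the resource category for `node`."""
    anc = ancestors(entities, node)
    return {
        "resource-id": {node},
        "resource-parent": set(entities[node]["parent"]),
        "resource-ancestor": anc,
        "resource-ancestor-or-self": anc | {node},
        # Hypothetical additional flattened attribute: owners of all ancestors.
        "ancestor-owner": {entities[a]["owner"] for a in anc},
    }

def flattened_check(entities, node, parent, owner):
    """Policy over flattened bags: cannot tell which ancestor has which owner."""
    bags = flatten(entities, node)
    return parent in bags["resource-parent"] and owner in bags["ancestor-owner"]

def linked_check(entities, node, parent, owner):
    """Policy over related entities: follow one explicit link, test that node."""
    return parent in entities[node]["parent"] and entities[parent]["owner"] == owner

if __name__ == "__main__":
    doc, fin = "urn:example:doc:report", "urn:example:dir:finance"
    print(sorted(flatten(ENTITIES, doc)["resource-ancestor"]))
    print("flattened:", flattened_check(ENTITIES, doc, fin, "carol"))  # wrongly satisfied
    print("linked:   ", linked_check(ENTITIES, doc, fin, "carol"))
```
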