

Subject: RE: [xacml] Groups - xacml-3.0-hierarchical-v1.0-wd14.doc uploaded


+1

Hal

> -----Original Message-----
> From: Steven Legg [mailto:steven.legg@viewds.com]
> Sent: Thursday, January 30, 2014 12:05 AM
> To: Mohammad Jafari
> Cc: Erik Rissanen; xacml@lists.oasis-open.org
> Subject: Re: [xacml] Groups - xacml-3.0-hierarchical-v1.0-wd14.doc
> uploaded
> 
> 
> Hi Mohammad,
> 
> On 22/01/2014 3:00 PM, Mohammad Jafari wrote:
> > Thanks Erik.
> >
> > I am wondering if the work on Nested and Related Entities can
> > influence this profile.
> 
> Probably not. Insofar as they overlap, I think the entities profile and
> the hierarchical profile should be considered to be alternative
> approaches to the same problem space, with some notable differences.
> 
> > It seems to me that "hierarchies" can be considered special cases of
> > "related entities".
> 
> Related entities can form an arbitrary graph, of which the hierarchies
> defined by the hierarchical profile are a special case. Trees can also
> be represented by nested entities.
> 
> Here are the differences as I see them.
> 
>  From the perspective of the entities profile, the resource-parent,
> resource-ancestor and resource-ancestor-or-self attributes are
> flattened attributes. They flatten the resource-id attributes of the
> ancestor nodes into the resource category. This is the only information
> from the ancestor nodes of non-XML hierarchies that can be tested by an
> XACML policy using the hierarchical profile. Additional flattened
> attributes could be defined, but that would introduce the correlation
> issues inherent to the use of flattened attributes. The entities
> profile allows any attributes of related nodes to be tested by explicit
> reference to the links between nodes.
> 
> Those explicit references are a limitation compared to the hierarchies
> profile in that the resource-ancestor and resource-ancestor-or-self
> attributes are defined by the transitive closure of the child-parent
> relationship, but the entities profile doesn't address transitive
> closure.
> 
> A hierarchy represented as an XML document could also be represented by
> nested entities. The content-selector attribute has been defined by the
> hierarchical profile to select the node in the hierarchy that is the
> resource.
> I haven't defined anything like that in the entities profile. The
> content-selector attribute uses XPath expressions. The analogue for
> nested entities would be an XACML expression, which would be a new
> data-type. I don't think that is worth doing since the situation can be
> handled with related entities instead of nested entities; the resource
> category <Attributes> element would contain the resource node and the
> higher and lower nodes in the hierarchy would be in other <Attributes>
> elements (i.e., other entities) linked by URI values.
> 
> In all, I don't see a need to change the hierarchical profile because
> of the entities profile. There is perhaps something that the multiple
> decision profile could say about a request for multiple decisions
> involving multiple entities, but that could be defined in the entities
> profile instead, if at all.
> 
> Regards,
> Steven
> 
> >
> > This might be something we can think about and discuss at the next TC
> > call.
> >
> > Regards,
> >
> > Mohammad Jafari, Ph.D.
> >
> > Security Architect, Edmond Scientific Company
> >
> > *From:*xacml@lists.oasis-open.org [mailto:xacml@lists.oasis-open.org]
> > *On Behalf Of *Erik Rissanen
> > *Sent:* Tuesday, January 21, 2014 9:48 AM
> > *To:* xacml@lists.oasis-open.org
> > *Subject:* [xacml] Groups - xacml-3.0-hierarchical-v1.0-wd14.doc
> > uploaded
> >
> > /Submitter's message/
> > Updates the hierarchical profile to the current OASIS document
> > template. There are no changes in the content, except to fit the new
> > template and:
> >
> > - I added a subsection 1.1 to make it clear that the non-normative
> >   statement only applies to it, not the rest of section 1.
> > - Changed incorrect reference to RFC2396 to the correct RFC3986
> > - I had forgotten to specify Rich as a co-editor when I requested the
> >   template, so I added him (I hope this does not break any TC admin
> >   metadata tracking)
> > - I did a search for glossary terms and ended up marking some which
> >   were not highlighted in the previous version.
> > - I fixed a few minor typos which I found.
> >
> > -- Erik Rissanen
> >
> > *Document Name*: xacml-3.0-hierarchical-v1.0-wd14.doc
> > <https://www.oasis-open.org/apps/org/workgroup/xacml/document.php?document_id=52014>
> >
> >
> > No description provided.
> > Download Latest Revision
> > <https://www.oasis-open.org/apps/org/workgroup/xacml/download.php/52014/latest/xacml-3.0-hierarchical-v1.0-wd14.doc>
> > Public Download Link
> > <https://www.oasis-open.org/committees/document.php?document_id=52014&wg_abbrev=xacml>
> >
> >
> > *Submitter*: Erik Rissanen
> > *Group*: OASIS eXtensible Access Control Markup Language (XACML) TC
> > *Folder*: Specifications and Working Drafts
> > *Date submitted*: 2014-01-21 08:47:38
> >
> 
> 
> 
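Added example, not part of the thread or of either profile's text: a small model of the two trade-offs described in the quoted reply above. The ancestor bags are built by transitive closure of the child-parent relationship, flattening further ancestor attributes loses the correlation between values, and following explicit links keeps the correlation but only to a fixed depth. The node URIs, the owner and label attributes, the ancestor-owner and ancestor-label names and all function names are assumptions made up for illustration.

```python
# Constructed sample hierarchy; the URIs and the owner/label attributes are illustrative.
NODES = {
    "urn:example:root": {"parent": [], "owner": "alice", "label": "secret"},
    "urn:example:dept": {"parent": ["urn:example:root"], "owner": "bob", "label": "public"},
    "urn:example:doc": {"parent": ["urn:example:dept"], "owner": "carol", "label": "public"},
}

def ancestors(node_id, nodes):
    """Transitive closure of the child-parent relationship (safe on DAGs and cycles)."""
    seen, stack = set(), list(nodes[node_id]["parent"])
    while stack:
        n = stack.pop()
        if n not in seen:
            seen.add(n)
            stack.extend(nodes[n]["parent"])
    return seen

def flattened_resource(node_id, nodes):
    """Resource category as flat bags, in the style of the hierarchical profile."""
    anc = ancestors(node_id, nodes)
    return {
        "resource-id": {node_id},
        "resource-parent": set(nodes[node_id]["parent"]),
        "resource-ancestor": anc,
        "resource-ancestor-or-self": anc | {node_id},
        # Hypothetical extra flattened attributes (not defined by the profile):
        "ancestor-owner": {nodes[a]["owner"] for a in anc},
        "ancestor-label": {nodes[a]["label"] for a in anc},
    }

def flattened_check(attrs, owner, label):
    """Bag test: cannot tell whether both values come from the same ancestor."""
    return owner in attrs["ancestor-owner"] and label in attrs["ancestor-label"]

def linked_check(node_id, nodes, hops, owner, label):
    """Test both attributes on one node at a time, following at most `hops`
    explicit parent links; there is no transitive closure, so depth is fixed."""
    frontier = [node_id]
    for _ in range(hops):
        frontier = [p for n in frontier for p in nodes[n]["parent"]]
        if any(nodes[p]["owner"] == owner and nodes[p]["label"] == label for p in frontier):
            return True
    return False

if __name__ == "__main__":
    attrs = flattened_resource("urn:example:doc", NODES)
    print(sorted(attrs["resource-ancestor"]))
    print(flattened_check(attrs, "alice", "public"))
    print(linked_check("urn:example:doc", NODES, 2, "alice", "public"))
```

In this sample no ancestor is both owned by alice and labelled public, yet the flattened bag test matches; the link-following test does not, but with one hop it never reaches the root at all.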

