OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [xacml] Groups - Discussion: Proposed PAP Architecture uploaded

The currently agreed ABAC architecture (PDP, PEP, PIP, PAP) is deployed in many different environments and explicitly permits proprietary extensions in various places. I don’t accept that we cannot find further architectural elements which we can agree on which will be beneficial to organizations deploying XACML. I could be persuaded after discussion, but I don’t see limiting ourselves a priory.

 

I don’t understand the relevance of your point about metadata. If metadata is embedded in policy syntax, it should use existing extension points or special comment formats like Java does. Other PDPs should be able to evaluate policies without any of the enhancements. Otherwise XACML does not provide interoperability.

 

Perhaps a better way to make progress is try to agree on a set of requirements which are basic to the standard and  identify areas for proprietary extension.

 

Hal

 

From: Erik Rissanen [mailto:erik@axiomatics.com]
Sent: Thursday, December 11, 2014 10:33 AM
To: xacml@lists.oasis-open.org
Subject: Re: [xacml] Groups - Discussion: Proposed PAP Architecture uploaded

 

All,

There are lots of different possible architectures and workflows for policy distribution and management. I am a bit afraid that standardizing these aspects is going to be too rigid and slow down the evolution of XACML products. For instance a policy editor component may want to put all kinds of metadata into the storage or distribution formats to facilitate a good user experience. And depending on needs, distribution and deployment could be done in vastly different ways by different organizations.

Best regards,
Erik


On 2014-12-09 10:21, Remon Sinnema wrote:

Submitter's message
All,

I'd like to re-start the discussion about PAPs, cohorts, and policies. This document may help with that.

Thanks,
Ray
-- Mr. Remon Sinnema

Document Name: Discussion: Proposed PAP Architecture

Description
This note briefly discusses a proposed architecture for policy
administration. It is intended to stimulate discussion, which may or may
not end up being formalized in a profile.
Download Latest Revision
Public Download Link

Submitter: Mr. Remon Sinnema
Group: OASIS eXtensible Access Control Markup Language (XACML) TC
Folder: repository
Date submitted: 2014-12-09 01:20:56

 

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]