[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [xacml] Re: [EXTERNAL] [xacml] Default behavior for unrecognized resource attributes?
Thanks Martin, I think your concern is quite clear now. Regarding the examples, I did not intended the examples to be 100% realistic. I just wanted to make the point that your assumption that just because a resource has an attribute, then it must be relevant for security, is not true in all environments. From a runtime point of view not all attributes are needed in all situations, as discussed previously. And even statically, not all attributes may be needed. An application might make a standardized set of attributes available, but when it is deployed in different jurisdictions, some of those attributes may or may not be relevant. So assuming that something is wrong just because an attribute is not referenced in the policies is not correct in general. Another toy example just to illustrate the point: a document management system might provide a metadata item "contains unpatriotic opinions". In a a country with an authoritarian regime this attribute might be used to restrict access to only certain trusted, loyal individuals, while in the US this attribute is not relevant at all and not used in the policies, although the application still has it available in its information model and the PEP provides it. Best regards, Erik On 2016-01-07 18:31, Martin Smith
wrote:
|
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]