[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [dipal-discuss] Re: Request for example Assertions
XACML 2.0 can easily express all of this. Hal From: Paul OConnor
[mailto:poconnor@e-brilliance.com] I wonder how access control assertions and policy can be
expressed and so I would propose the following very common use case in
financial services applications: An equities trading service enforces access control policy which
leverages subject attributes from the firms identity store: User role (trader, manager, etc.) Trade limit (max trade without additional approval) Trading hours (can trade after hours?) Trade location (can trade from home or office only) Along with context variables: Amount of trade Type of trade Equity being traded Additional approval flag These attributes must be asserted by the client making the
request, e.g., a trade portal. The policy enforcement infrastructure would then
calculate a policy decision before the service was ever invoked. |
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]