[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: [regrep] Inconsistency in RIM 2.3.5 -> Access Control
Section 13. First, the section opens up on this statement: "This chapter defines the Access Control Information Model used by the registry to control access to RegistryObjects and RepositoryItems managed by it. This specification first defines an abstract Access Control Model that enables access control policies to be defined and associated with RegistryObjects. Next, it defines a normative and required binding of that abstract model to [XACML]. Finally, it defines how a registry may support additional bindings to custom access control technologies." Then, further down in the subsection "Abstract Access Control Policy", this statement is made: "The abstract Access Control Model allows the Access Control Policy to be defined in any arbitrary format as long as it is represented in the registry as a repositoryItem and its corresponding ExtrinsicObject." I have no problem with either approach (although firming up on XACML will help interop). I just think that these two passages are contradictory given that the "abstract" section indicates that it would indeed be possible to define your acls in a format other than XACML, and in fact, it is allowed, while at the same time the XACML binding to the abstract model is required. Maybe there should be some clarification here, because if the XACML binding is required, how would a registry be able to support any other access control format at the same time? Should their be a notion of an AccessControlPolicyList? -Matt ---------------------------------------------------------------- To subscribe or unsubscribe from this elist use the subscription manager: <http://lists.oasis-open.org/ob/adm.pl>
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]