OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

regrep message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: [regrep] Inconsistency in RIM 2.3.5 -> Access Control

Section 13.
First, the section opens up on this statement:

"This chapter defines the Access Control Information Model used by the 
registry to control access to RegistryObjects and RepositoryItems 
managed by it.
This specification first defines an abstract Access Control Model that 
enables access control policies to be defined and associated with 
Next, it defines a normative and required binding of that abstract model 
to [XACML].
Finally, it defines how a registry may support additional bindings to 
custom access control technologies."

Then, further down in the subsection "Abstract Access Control Policy", 
this statement is made:

"The abstract Access Control Model allows the Access Control Policy to 
be defined in any arbitrary format as long as it is represented in the 
registry as a repositoryItem and its corresponding ExtrinsicObject."

I have no problem with either approach (although firming up on XACML 
will help interop).  I just think that these two passages are 
contradictory given that the "abstract" section indicates that it would 
indeed be possible to define your acls in a format other than XACML, and 
in fact, it is allowed, while at the same time the XACML binding to the 
abstract model is required.

Maybe there should be some clarification here, because if the XACML 
binding is required, how would a registry be able to support any other 
access control format at the same time?  Should their be a notion of an 


To subscribe or unsubscribe from this elist use the subscription
manager: <http://lists.oasis-open.org/ob/adm.pl>

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]