[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: [Issue 58] Need to define how roles may be assigned to Person
<http://wxforge.wx.ll.mit.edu:8080/jira/browse/REGREPTC-58> This is what the ebRIM draft 6 says currently: " 11.7 Subject MatchingAn XACML Access Control Policy MAY use the identity and roles associated with the subject as subject attributes within <xacml:SubjectMatch> elements to match the subject that is authorized for an action on a resource. A server MUST specify the subject identifier in an <xacmlc:Request> using the standard subject attribute named “urn:oasis:names:tc:xacml:1.0:subject:subject-id”. A server MUST specify a subject role, if any, in an <xacmlc:Request> using the standard subject attribute named “urn:oasis:names:tc:xacml:2.0:subject:role”. An Access Control Policy that uses Role Bases Access Control MUST specify a Permission PolicySet for each role as described in [XACML-RBAC]. This specification does not define how roles are defined or assigned to a subject. Implementations SHOULD to provide that functionality in an implementation-specific manner. " There is nothing it says about assigning roles to PersonType instances. I would like to hear specific requirements on this issue and for now will defer it to 4.0-cd2. Please share your thoughts. Thanks. -- Regards, Farrukh Najmi Web: http://www.wellfleetsoftware.com |
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]