OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

sca-policy message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: ISSUE 26

Issue 26:  http://www.osoa.org/jira/browse/POLICY-26
requests a specific fix to the <runAs> element in section 7.3.1  to 
allow a user to runAs  herself.
This is reasonable as far as it goes but I have other, larger, problems 
with this section.

Essentially, I question why we need a homegrown language to express 
authorization when there is
a standard, XACML, for expressing this functionality.  XACML is gaining 
good traction and we should
use it instead of the elements defined in section 7.3.1
 
Thus, I would recommend that Section 5.3.1 be fleshed out with an 
example of using XACML and/or
EJB-style authorization and section 7.3.1 be removed.

-- 
All the best, Ashok

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]