[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: ISSUE 26
Issue 26: http://www.osoa.org/jira/browse/POLICY-26 requests a specific fix to the <runAs> element in section 7.3.1 to allow a user to runAs herself. This is reasonable as far as it goes but I have other, larger, problems with this section. Essentially, I question why we need a homegrown language to express authorization when there is a standard, XACML, for expressing this functionality. XACML is gaining good traction and we should use it instead of the elements defined in section 7.3.1 Thus, I would recommend that Section 5.3.1 be fleshed out with an example of using XACML and/or EJB-style authorization and section 7.3.1 be removed. -- All the best, Ashok
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]