[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Issue 57
Issue 57 asks whether there should be a fine-grained authorization intent. http://www.osoa.org/jira/browse/POLICY-57 The idea behind this was to enable the use of other authorization languages, especially XACML, within policySets. There was discussion as to whether XACML should replace the simple authorization policy language currently in the Policy Framework specification but the feeling in the TC seemed to be not to replace the authorization policy language but to allow XACML as an alternative authorization policy language. Now, let's look at what is currently in the spec. Lines 1750-1750 in section 5.2.1 in WD09 say 1. Embed XACML expressions directly in the PolicyAttachment element using the extensibility elements discussed above, or 2. Define WS-Policy assertions to wrap XACML expressions. The second bullet was added so that we could use WS-XACML but that work was never completed and never standardized. Also, policySets can wrap policies expressed in languages other than WS-Policy, so it is not required. The first bullet, on its own allows XACML queries in policySets. Thus, I recommend the following actions: 1. Remove the second bullet. 2. Add an example showing how XACML could be used in policySets. Rich, we have not been able to sync up on this so feel free to disagree! -- All the best, Ashok
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]