
sca-policy message



Subject: Re: [sca-policy] Issue 57


I got the impression from the previous email on this issue (http://www.oasis-open.org/apps/org/workgroup/sca-policy/email/archives/200810/msg00010.html) that there was a desire for more configuration than just XACML as the policy language? Have the use cases changed?

Dave Booz
STSM, BPM and SCA Architecture
Co-Chair OASIS SCA-Policy TC and SCA-J TC
"Distributed objects first, then world hunger"
Poughkeepsie, NY (845)-435-6093 or 8-295-6093
e-mail:booz@us.ibm.com



From: ashok malhotra <ashok.malhotra@oracle.com>
To: OASIS Policy <sca-policy@lists.oasis-open.org>
Date: 11/17/2008 02:02 PM
Subject: [sca-policy] Issue 57





Issue 57 asks whether there should be a fine-grained authorization intent.
http://www.osoa.org/jira/browse/POLICY-57

The idea behind this was to enable the use of other authorization
languages, especially XACML,
within policySets.   There was discussion as to whether XACML should
replace the simple authorization
policy language currently in the Policy Framework specification but the
feeling in the TC seemed to be not
to replace the authorization policy language but to allow XACML as an
alternative authorization policy
language.

Now, let's look at what is currently in the spec.  Lines 1750-1750 in
section 5.2.1 in WD09 say

1. Embed XACML expressions directly in the PolicyAttachment element
using the extensibility elements discussed above, or

2. Define WS-Policy assertions to wrap XACML expressions.


The second bullet was added so that we could use WS-XACML but that work
was never completed and never standardized.  Also, policySets can wrap
policies expressed in languages other than WS-Policy, so it is not required.


The first bullet, on its own, allows XACML queries in policySets.


Thus, I recommend the following actions:


1. Remove the second bullet.
2. Add an example showing how XACML could be used in policySets.


Rich, we have not been able to sync up on this so feel free to disagree!


--
All the best, Ashok
