Subject: [xacml-comment] Hi, questions about XACML, please help
Hi,

I'm new to XACML. I have some questions; would you please shed some light on them?

1. What does 'Profile' mean in the XACML document? (Section 9 in XACML Working Draft 14) Does the 9.4 LDAP Directory information tree (DIT) have some relationship to the XACML Context?

2. About XACML Context

2.1 Supposedly the XACML Context should be an abstraction of the different application environments. But the Context schema only contains definitions for request and response. Where should the application data model be specified? In the request? I think something like <record...> in 3.2 of XACML Working Draft 14 is necessary for request and policy.

2.2 What's the relationship between the request/response defined in XACML Context and the request/response defined in SAML?
- 3.3 of XACML Working Draft 14 uses a SAML request, not an XACML request. Why?
- A SAML request uses <NameIdentifier> for subject and a URI for resource, while an XACML request uses <SubjectAttribute> for subject and <ResourceAttribute> for resource. What's the difference?

2.3 It seems that the XACML policies use some XPath expressions on the XACML Context (requests?) to reference the attributes (of subject/resource/action/etc.), while the XACML Context (requests?) uses XPath expressions on a specific application environment (for example, the XML instance in 3.2 of XACML Working Draft 14) to specify the subject/resource/action/... Is this right?

Thanks a lot!!

Best Regards,
Yang Shunxiang, 杨顺祥
IBM China Research Lab
4F, HaoHai, #7, 5th Street, Shangdi, BEIJING, 100085, CHINA
TEL: 86-10-62986677 ext. 545
FAX: 86-10-82899634
E-mail: yangsx@cn.ibm.com