OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

xacml-comment message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: [xacml-comment] Resource types

I note that the set of types allowed in a 'resource' element is restricted, as is the match criteria. Given the nature of my employers business I would like to be able to use types and match criteria that have not been defined. My reading of the spec. shows that the accepted answer to that is to move the resource specification to a 'condition' element instead, but that simply begs the question of why a 'resource' element exists in the first place if a 'condition' element can achieve the exact same thing (or conversely, if a condition element can be extended, then why not a 'resource' element).
I understand the desire to facilitate indexing, however moving a resource match to a condition makes it difficult, i fnot impossible, to deduce the role played by the arguments to the condition. This in turn makes it hard to automatically translate the XACML representation of a policy into a different representation (as might be necessary if the actual access control were being performed by a legacy system). 

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC