xacml-comment message



Subject: RE: [xacml-comment] Re: Policy


Tim,

Thanks for the suggestion. I will look into the use-case document
and give my feedback.

Regards
Srilekha

Srilekha Mudumbai
 
Jericho Systems
Dallas, Texas
972-231-2000
 
The information contained in this e-mail and all attachments transmitted
with it is the Confidential and Proprietary information of Jericho
Systems, Inc.  If the reader of this message is not the intended
recipient, or an employee or agent responsible for delivering this
message to the intended recipient, you are hereby notified that any
dissemination, distribution, copying, or other use of this message or
its attachments is strictly prohibited. If you have received this
message in error, please notify the sender immediately by replying to
this message and please delete it from your computer
	 

-----Original Message-----
From: Tim Moses [mailto:tim.moses@entrust.com] 
Sent: Wednesday, September 08, 2004 9:36 AM
To: 'sri@jerichosystems.com'; 'xacml-comment@lists.oasis-open.org'
Subject: RE: [xacml-comment] Re: Policy

Srilekha - My suggestion to you is that you lay out the use-case.  If it
is within the current charter of XACML, then the committee should explore
whether it represents a common requirement and whether or not it is
soluble with the current specification.

You'll find a sample use-case document to use as a template at ...

http://www.oasis-open.org/committees/download.php/1378/wd-xacml-wspl-use-cases-03.pdf

I look forward to reviewing your input.  All the best.  Tim.

-----Original Message-----
From: Srilekha Mudumbai [mailto:sri@jerichosystems.com] 
Sent: Wednesday, September 08, 2004 10:45 AM
To: xacml-comment@lists.oasis-open.org
Subject: [xacml-comment] Re: Policy


Tim,
 
I have to agree on the limitations of XACML as posted by you. XACML
should address all the limitations so as to expand its horizon.

One thing I wanted to do is to give some reasoning on a deny
of access based on the business requirements if required. The
obligation was a choice but it is static and the reasoning is
dynamic and may be on a per-user basis. That is where I had problems.
First of all, I was not even aware if I could use obligation. Then
Seth suggested I do so because there was no better alternative.
 
Regards
Srilekha
 
Srilekha Mudumbai
 
Jericho Systems
Dallas, Texas
972-231-2000
 
 
 
-----Original Message-----
From: Tim Moses [mailto:tim.moses@entrust.com] 
Sent: Tuesday, September 07, 2004 12:33 PM
To: 'Brian Hawkins'; 'xacml-comment@lists.oasis-open.org'
Subject: RE: [xacml-comment] Policy question
 
Brian - Interesting.  I would call your type of policy a "management"
policy.  XACML was designed as an "authorization" policy language.  The
result of evaluating a management policy is a set of actions.  Whereas
the result of evaluating an authorization policy is a boolean decision.
 
XACML actually straddles the boundary between the two types of policy,
though.  It allows "side-effects" of the decision, in the form of
obligations.
 
There are a couple of deficiencies in XACML when used as a language for
expressing management policies.  Some of these are trivial, such as the
lack of a combining algorithm that doesn't terminate prematurely and the
fact that "effect" values of "permit" and "deny" are inappropriate in the
absence of a decision.  Others are more serious, such as the inability to
express sequence and choice amongst obligations.
 
Perhaps, XACML should extend its charter to address these questions.
 
All the best.  Tim.

-----Original Message-----
From: Brian Hawkins [mailto:bhawkins@novell.com] 
Sent: Tuesday, September 07, 2004 12:49 PM
To: xacml-comment@lists.oasis-open.org
Subject: [xacml-comment] Policy question

I have a question about policy.  I guess it actually is a policy
question.
 
I would like to write in some policy language an answer to the "what do
I do now?" question. For example, I ran out of disk space, now what do
I do?
 
The answer would be "Perform the disk clean up operation and email the
admin".  I would like to do this in some policy language like XACML but
it does not seem to be quite right for the job.
 
Has anyone else encountered this or have any thoughts on it?
 
Thanks
Brian
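
An added illustration, not part of the thread, of the limitation Tim Moses describes in his reply to Brian: a combining algorithm that stops at the first applicable policy returns only that policy's obligations. It is a simplified Python model rather than XACML syntax; the policy names, the `collect_all` combiner and the sample request are constructed for this example.

```python
from dataclasses import dataclass, field
from typing import Callable

@dataclass
class Policy:
    name: str
    applies: Callable[[dict], bool]   # stands in for Target and Condition
    effect: str                       # "Permit" or "Deny"
    obligations: list = field(default_factory=list)

def first_applicable(policies, request):
    """Authorization style: stop at the first applicable policy and
    return its decision plus only that policy's obligations."""
    for p in policies:
        if p.applies(request):
            return p.effect, list(p.obligations)
    return "NotApplicable", []

def collect_all(policies, request):
    """Hypothetical management-style combiner (an assumption, not in XACML):
    evaluate every policy and return the ordered actions, with no decision."""
    actions = []
    for p in policies:
        if p.applies(request):
            actions.extend(p.obligations)
    return actions

def dropped_actions(policies, request):
    """Actions a management policy wants that first-applicable never returns."""
    _, returned = first_applicable(policies, request)
    return [a for a in collect_all(policies, request) if a not in returned]

# Constructed policies for the disk-space scenario in the original question.
DISK_POLICIES = [
    Policy("cleanup", lambda r: r["event"] == "disk-full", "Permit", ["run-disk-cleanup"]),
    Policy("notify", lambda r: r["event"] == "disk-full", "Permit", ["email-admin"]),
    Policy("quota", lambda r: r["event"] == "quota-exceeded", "Deny", ["lock-account"]),
]
DISK_FULL = {"event": "disk-full"}  # constructed request

if __name__ == "__main__":
    print("first-applicable:", first_applicable(DISK_POLICIES, DISK_FULL))
    print("collect-all:     ", collect_all(DISK_POLICIES, DISK_FULL))
    print("dropped:         ", dropped_actions(DISK_POLICIES, DISK_FULL))
```

The "Permit" returned alongside the cleanup action carries no meaning in this scenario, which is the second deficiency named in the reply.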


