[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [xacml-comment] Public Comment
The XACML Profile for Role Based Access Control (RBAC) Version 1.0: * Committee Draft 01, 13 February 2004 o Specification Document: http://docs.oasis-open.org/xacml/cd-xacml-rbac-profile-01.pdf attempted to address Separation of Duty. You might want to look at that. Some users did not feel it handled certain dynamic Separation of Duty cases, and, although the solutions proposed by the users did not fit the XACML model, we did not have time to fully evaluate this for XACML 2.0 so we removed the entire section. The issue was a desire on the part of some users to link granting access to a given resource with the granting of a role related to that resource, and doing that linkage through XACML itself. Comments welcomed. Anne comment-form@oasis-open.org wrote: > Comment from: nur@is.pku.edu.cn > > Dear Sir/Madam: > > > > I am doing some research on RBAC model in XML based security framework, and read all specification of XACML. You provide the definition > > of core RBAC and hierarchy RBAC profile of XACML. > > now I am wondering if there is a possiblity of providing definition of separation of duty(static and dynamic), role cardinality in XACML. > > In my opinion, using current standard to do so is > > somehow difficult. > > I am eager to know your opinion about this problem. > > thank you! -- Anne H. Anderson Email: Anne.Anderson@Sun.COM Sun Microsystems Laboratories 1 Network Drive,UBUR02-311 Tel: 781/442-0928 Burlington, MA 01803-0902 USA Fax: 781/442-1692
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]