
xacml-comment message

Subject: Re: [xacml-comment] Public Comment


The XACML Profile for Role Based Access Control (RBAC) Version 1.0:
    * Committee Draft 01, 13 February 2004
          o Specification Document:
http://docs.oasis-open.org/xacml/cd-xacml-rbac-profile-01.pdf

attempted to address Separation of Duty.  You might want to look at that.

Some users did not feel it handled certain dynamic Separation of Duty
cases, and, although the solutions proposed by the users did not fit the
XACML model, we did not have time to fully evaluate this for XACML 2.0
so we removed the entire section.  The issue was a desire on the part of
some users to link granting access to a given resource with the granting
of a role related to that resource, and doing that linkage through XACML
itself.

Comments welcomed.

Anne

comment-form@oasis-open.org wrote:
> Comment from: nur@is.pku.edu.cn
> 
> Dear Sir/Madam:
> 
> I am doing some research on the RBAC model in an XML-based security framework, and have read all the specifications of XACML. You provide the definition of core RBAC and hierarchy RBAC profile of XACML.
> 
> Now I am wondering if there is a possibility of providing a definition of separation of duty (static and dynamic), role cardinality in XACML.
> 
> In my opinion, using the current standard to do so is somehow difficult.
> 
> I am eager to know your opinion about this problem.
> 
> Thank you!

-- 
Anne H. Anderson             Email: Anne.Anderson@Sun.COM
Sun Microsystems Laboratories
1 Network Drive,UBUR02-311     Tel: 781/442-0928
Burlington, MA 01803-0902 USA  Fax: 781/442-1692


