
xacml-dev message


Subject: Re: [xacml-dev] XACML 2

Diego M. Gonzalez wrote:
> My current plans for the next version of XACML.NET are to support the current
> .Net version and the next one (aka "Whidbey") (Microsoft's "Tiger"
> :) ), and I'm using this implementation also to test the new framework,
> language improvements, and how to integrate with the previous version.
> On the other hand... my Java days are over now... It was a great time in
> the past... But I met the power of the dark side :)

Well, it was worth asking :) I'm glad this xacml-dev list was set up so 
we can get some discussions going across projects. I will be interested 
to hear about your experiences moving forward in the .NET framework.

> Anyway, if you think that I can help you in some way (like implementation
> decisions, and specification interpretations that may differ, etc), feel
> free to contact me.

I think you raised a good question about how 1.x and 2.0 XACML work 
together. From a technical point of view, I've been spending a lot of 
time thinking about how to support both from the same codebase. I 
suspect that when I'm looking for input, I'll turn to this list to get 
thoughts from other developers.

> For the moment I'm planning on supporting both versions with the same code
> base. And the version of the policy will be determining the evaluation
> behavior; I mean, when a 2.0 policy is used to evaluate, the 2.0 evaluation
> will be performed. If I find some requirement in 2.0 that can only be
> provided by a 2.0 context, and the context is 1.x, I'll invalidate the
> evaluation context (rule, policy, etc) with an error. But I don't want
> to make this "implementation specific".

That's pretty much the path that I'm planning to take as well. Let the 
XACML version in the policy dictate how processing happens. Of course, 
this leaves a few interesting corner cases. Perhaps one thing we can do 
is pool our experiences here, and write an informal guide covering how 
1.x and 2.0 interactions should occur to keep things as meaningful as 
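
A sketch of the version dispatch discussed in this thread, added here as an example; it is not code from XACML.NET or any other implementation. The function names, the `needs_v2_context` flag (assumed to be computed by the caller) and the mapping of the error to an Indeterminate result are assumptions; the sample documents are constructed.

```python
import xml.etree.ElementTree as ET

# Root-element namespaces from the OASIS XACML 1.x and 2.0 schemas.
POLICY_NS = {
    "urn:oasis:names:tc:xacml:1.0:policy": "1.x",
    "urn:oasis:names:tc:xacml:2.0:policy:schema:os": "2.0",
}
CONTEXT_NS = {
    "urn:oasis:names:tc:xacml:1.0:context": "1.x",
    "urn:oasis:names:tc:xacml:2.0:context:schema:os": "2.0",
}

def _version(xml_text, table, roots):
    """Map a document's root namespace to an XACML version, or None."""
    try:
        # For untrusted input, a hardened parser such as defusedxml is safer.
        root = ET.fromstring(xml_text)
    except ET.ParseError:
        return None
    if not root.tag.startswith("{"):
        return None  # no namespace: version cannot be established
    ns, _, local = root.tag[1:].partition("}")
    return table.get(ns) if local in roots else None

def plan_evaluation(policy_xml, request_xml, needs_v2_context):
    """Return (mode, status); mode is '1.x', '2.0' or 'Indeterminate'.

    needs_v2_context is a hypothetical flag: True when the policy relies
    on something only a 2.0 request context can supply.
    """
    pv = _version(policy_xml, POLICY_NS, {"Policy", "PolicySet"})
    cv = _version(request_xml, CONTEXT_NS, {"Request"})
    if pv is None or cv is None:
        # Fail closed: never guess a version for an access decision.
        return "Indeterminate", "unrecognized policy or context version"
    if pv == "2.0" and cv == "1.x" and needs_v2_context:
        return "Indeterminate", "2.0 policy requires a 2.0 context"
    # Otherwise the policy version dictates processing (assumed here also
    # for a 1.x policy with a 2.0 context, a corner case left open above).
    return pv, "ok"

# Constructed sample documents (root elements only).
POLICY_20 = '<Policy xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os"/>'
POLICY_1X = '<PolicySet xmlns="urn:oasis:names:tc:xacml:1.0:policy"/>'
REQUEST_20 = '<Request xmlns="urn:oasis:names:tc:xacml:2.0:context:schema:os"/>'
REQUEST_1X = '<Request xmlns="urn:oasis:names:tc:xacml:1.0:context"/>'

if __name__ == "__main__":
    print(plan_evaluation(POLICY_20, REQUEST_1X, True))
```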

