[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [xacml-dev] XACML 2
Thank you. I see "string-match" was fixed and other changes. Hopefully, I'll have time to test this later. Argyn > -----Original Message----- > From: Anne Anderson [mailto:Anne.Anderson@Sun.COM] > Sent: Wednesday, September 29, 2004 10:35 AM > To: Kuketayev, Argyn > Cc: xacml-dev@lists.oasis-open.org > Subject: RE: [xacml-dev] XACML 2 > > > Argyn, > > I took your comments and used them to modify the examples in > the current RBAC draft: > > Core and Hierarchical Role Based Access Control (RBAC) profile > of XACML, Version 2.0, Working Draft 03, 22 September 2004: > > http://www.oasis-open.org/committees/download.php/9382/RBAC-pr ofile.zip). > > The RBAC draft examples are intended to XACML 2.0 conformant, > and since there are no XACML 2.0 implementations available, > you will necessarily have to make modifications as described > at the start of the RBAC draft. If, with those > modifications, the new examples still don't work for you, > please let me know. > > Anne > > On 29 September, Kuketayev, Argyn writes: RE: [xacml-dev] > XACML 2 > From: "Kuketayev, Argyn" > <argyn_kuketayev@fanniemae.com> > To: > xacml-dev@lists.oasis-open.org > Subject: RE: [xacml-dev] > XACML 2 > Date: Wed, 29 Sep 2004 10:10:09 -0400 > > > Maybe I mean samples, not tests. When I first tried to > implement RBAC, I > took samples from the document, and they > didn't work. It took some time > to make them loadable and > work with SunXACML. I thought that having > those samples as > policy XML docs would help implementors. > > > Argyn > > > > > -----Original Message----- > > > From: Anne Anderson [mailto:Anne.Anderson@Sun.COM] > > > Sent: Wednesday, September 29, 2004 10:00 AM > > > To: Kuketayev, Argyn > > > Cc: xacml-dev@lists.oasis-open.org > > > Subject: RE: [xacml-dev] XACML 2 > > > > > > > > > There are no plans. The RBAC profile has not yet been > > > approved as a CD. > > > > > > It would be a test of how you implement your policy storage > > > and retrieval mechanism, since the RBAC profile requires no > > > changes or functional extensions to XACML. It is strictly a > > > "profile" or paradigm for XACML usage. > > > > > > Can you suggest a conformance test that would be useful? The > > > only thing I can think of is to pass in a Request containing > > > a role attribute, having two Role PolicySets - one that > > > applies and one that doesn't - and two Permission PolicySets > > > - one for each role. The test would be verifying that only > > > the applicable Permission PolicySet was applied. That is all > > > standard XACML, so I don't think it is very useful. > > > > > > Anne > > > > > > On 29 September, Kuketayev, Argyn writes: RE: [xacml-dev] > > > XACML 2 > From: "Kuketayev, Argyn" > > > <argyn_kuketayev@fanniemae.com> > To: Anne.Anderson@Sun.COM, > > > xacml-dev@lists.oasis-open.org > Subject: RE: [xacml-dev] > > > XACML 2 > Date: Wed, 29 Sep 2004 09:38:03 -0400 > > > > > Are there any plans to have conformance tests or samples > > > for RBAC > profile?\ > Argyn > > > > > > -----Original Message----- > > > > > From: Anne Anderson [mailto:Anne.Anderson@Sun.COM] > > > > > Sent: Wednesday, September 29, 2004 9:31 AM > > > > > To: xacml-dev@lists.oasis-open.org > > > > > Subject: RE: [xacml-dev] XACML 2 > > > > > > > > > > > > > > > On 28 September, Diego M. Gonzalez writes: RE: [xacml-dev] > > > > > XACML 2 > I have finished the code that loads the policies > > > > > and makes > difference for both versions. But I'll like to > > > > > start with a > TDD environment for which I have to create > > > > > some conformance > tests with the new schema and > > > namespaces. > > > > > > > Have you started with the conformance tests? Do you want > > > > > to > use a common place to store them so any > implementor can > > > > > get > the tests, and provide feedback about them? > > > > > > > > > > Diego, > > > > > > > > > > The XACML TC has not discussed conformance tests for XACML > > > > > 2.0. I have asked the chairs to put the topic on > our agenda. > > > > > Sun volunteered to do CTs for XACML 1.0, and IBM for XACML > > > > > 1.1, but I don't know if IBM is interested in doing > them for > > > > > XACML 2.0. There is no requirement that a spec have > CTs, but > > > > > it certainly is valuable. > > > > > > > > > > Anne > > > > > -- > > > > > Anne H. Anderson Email: Anne.Anderson@Sun.COM > > > > > Sun Microsystems Laboratories > > > > > 1 Network Drive,UBUR02-311 Tel: 781/442-0928 > > > > > Burlington, MA 01803-0902 USA Fax: 781/442-1692 > > > > > > > > > > > > > > > > -- > > > Anne H. Anderson Email: Anne.Anderson@Sun.COM > > > Sun Microsystems Laboratories > > > 1 Network Drive,UBUR02-311 Tel: 781/442-0928 > > > Burlington, MA 01803-0902 USA Fax: 781/442-1692 > > > > > > > > -- > Anne H. Anderson Email: Anne.Anderson@Sun.COM > Sun Microsystems Laboratories > 1 Network Drive,UBUR02-311 Tel: 781/442-0928 > Burlington, MA 01803-0902 USA Fax: 781/442-1692 > >
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]