OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xacml-dev message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [xacml-dev] XACML 2

Thank you. I see "string-match" was fixed and other changes. Hopefully,
I'll have time to test this later.

Argyn

> -----Original Message-----
> From: Anne Anderson [mailto:Anne.Anderson@Sun.COM] 
> Sent: Wednesday, September 29, 2004 10:35 AM
> To: Kuketayev, Argyn
> Cc: xacml-dev@lists.oasis-open.org
> Subject: RE: [xacml-dev] XACML 2
> 
> 
> Argyn,
> 
> I took your comments and used them to modify the examples in 
> the current RBAC draft:
> 
>    Core and Hierarchical Role Based Access Control (RBAC) profile
>    of XACML, Version 2.0, Working Draft 03, 22 September 2004:
>    
> http://www.oasis-open.org/committees/download.php/9382/RBAC-pr
ofile.zip).
> 
> The RBAC draft examples are intended to XACML 2.0 conformant, 
> and since there are no XACML 2.0 implementations available, 
> you will necessarily have to make modifications as described 
> at the start of the RBAC draft.  If, with those 
> modifications, the new examples still don't work for you, 
> please let me know.
> 
> Anne
> 
> On 29 September, Kuketayev, Argyn writes: RE: [xacml-dev] 
> XACML 2  > From: "Kuketayev, Argyn" 
> <argyn_kuketayev@fanniemae.com>  > To: 
> xacml-dev@lists.oasis-open.org  > Subject: RE: [xacml-dev] 
> XACML 2  > Date: Wed, 29 Sep 2004 10:10:09 -0400  > 
>  > Maybe I mean samples, not tests. When I first tried to 
> implement RBAC, I  > took samples from the document, and they 
> didn't work. It took some time  > to make them loadable and 
> work with SunXACML. I thought that having  > those samples as 
> policy XML docs would help implementors.  > 
>  > Argyn
>  > 
>  > > -----Original Message-----
>  > > From: Anne Anderson [mailto:Anne.Anderson@Sun.COM] 
>  > > Sent: Wednesday, September 29, 2004 10:00 AM
>  > > To: Kuketayev, Argyn
>  > > Cc: xacml-dev@lists.oasis-open.org
>  > > Subject: RE: [xacml-dev] XACML 2
>  > > 
>  > > 
>  > > There are no plans.  The RBAC profile has not yet been 
>  > > approved as a CD.
>  > > 
>  > > It would be a test of how you implement your policy storage 
>  > > and retrieval mechanism, since the RBAC profile requires no 
>  > > changes or functional extensions to XACML.  It is strictly a 
>  > > "profile" or paradigm for XACML usage.
>  > > 
>  > > Can you suggest a conformance test that would be useful?  The 
>  > > only thing I can think of is to pass in a Request containing 
>  > > a role attribute, having two Role PolicySets - one that 
>  > > applies and one that doesn't - and two Permission PolicySets 
>  > > - one for each role.  The test would be verifying that only 
>  > > the applicable Permission PolicySet was applied.  That is all 
>  > > standard XACML, so I don't think it is very useful.
>  > > 
>  > > Anne
>  > > 
>  > > On 29 September, Kuketayev, Argyn writes: RE: [xacml-dev] 
>  > > XACML 2  > From: "Kuketayev, Argyn" 
>  > > <argyn_kuketayev@fanniemae.com>  > To: Anne.Anderson@Sun.COM, 
>  > > xacml-dev@lists.oasis-open.org  > Subject: RE: [xacml-dev] 
>  > > XACML 2  > Date: Wed, 29 Sep 2004 09:38:03 -0400  > 
>  > >  > Are there any plans to have conformance tests or samples 
>  > > for RBAC  > profile?\  > Argyn  > 
>  > >  > > -----Original Message-----
>  > >  > > From: Anne Anderson [mailto:Anne.Anderson@Sun.COM] 
>  > >  > > Sent: Wednesday, September 29, 2004 9:31 AM
>  > >  > > To: xacml-dev@lists.oasis-open.org
>  > >  > > Subject: RE: [xacml-dev] XACML 2
>  > >  > > 
>  > >  > > 
>  > >  > > On 28 September, Diego M. Gonzalez writes: RE: [xacml-dev] 
>  > >  > > XACML 2  > I have finished the code that loads the policies 
>  > >  > > and makes  > difference for both versions. But I'll like to 
>  > >  > > start with a  > TDD environment for which I have to create 
>  > >  > > some conformance  > tests with the new schema and 
>  > > namespaces.  >  
>  > >  > >  > Have you started with the conformance tests? Do you want 
>  > >  > > to  > use a common place to store them so any 
> implementor can 
>  > >  > > get  > the tests, and provide feedback about them?
>  > >  > > 
>  > >  > > Diego,
>  > >  > > 
>  > >  > > The XACML TC has not discussed conformance tests for XACML 
>  > >  > > 2.0. I have asked the chairs to put the topic on 
> our agenda.  
>  > >  > > Sun volunteered to do CTs for XACML 1.0, and IBM for XACML 
>  > >  > > 1.1, but I don't know if IBM is interested in doing 
> them for 
>  > >  > > XACML 2.0. There is no requirement that a spec have 
> CTs, but 
>  > >  > > it certainly is valuable.
>  > >  > > 
>  > >  > > Anne
>  > >  > > -- 
>  > >  > > Anne H. Anderson             Email: Anne.Anderson@Sun.COM
>  > >  > > Sun Microsystems Laboratories
>  > >  > > 1 Network Drive,UBUR02-311     Tel: 781/442-0928
>  > >  > > Burlington, MA 01803-0902 USA  Fax: 781/442-1692
>  > >  > > 
>  > >  > > 
>  > > 
>  > > -- 
>  > > Anne H. Anderson             Email: Anne.Anderson@Sun.COM
>  > > Sun Microsystems Laboratories
>  > > 1 Network Drive,UBUR02-311     Tel: 781/442-0928
>  > > Burlington, MA 01803-0902 USA  Fax: 781/442-1692
>  > > 
>  > > 
> 
> -- 
> Anne H. Anderson             Email: Anne.Anderson@Sun.COM
> Sun Microsystems Laboratories
> 1 Network Drive,UBUR02-311     Tel: 781/442-0928
> Burlington, MA 01803-0902 USA  Fax: 781/442-1692
> 
>

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]