[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [xacml-dev] Policy editor? Gui?
>===== Original Message From Seth Proctor <Seth.Proctor@Sun.COM> ===== >On Tue, 2004-11-16 at 13:42, Mary Kolencik (siamese@bcpl.net) wrote: >> Let's say I'm the policy editor for a system, I control all the >> policies and I want some scheme to keep all of my policy ids unique. >> It's a requirement, right? So if I were using a tool to write my >> policies, it would be nice to have the tool assign the policy ids >> and manage them. > >Ah. Ok. Yes, that makes sense. Something that either generates random >ids, uses schemes based on some structure, or something similar. That >certainly makes sense. Exactly. The tool might have to maintain some configuration information about what id scheme is used for the collection of policies, but it could be transparent to the policy writer. > >> Also, being able to sign policies with the tool would be nice. > >Agreed. The only challenge there, of course, is that there's no standard >scheme for using signed XACML policies right now, so that would have to >be custom functionality...but definately very useful. > There are two needs for this that I see. One is for the policy writer to know that their policies haven't been modified or tampered with, sometimes by their own error. The other would be for the PDP to authenticate the policy. I agree, the second need would be custom functionality. But for the first purpose, maybe there's another solution. What about keeping track of a checksum or someting simple. Some way to help the policy writer detect changes they may not have wanted made. I'm just thinking out loud here. Mary Kolencik www.sibercats.us
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]