
xacml-dev message


Subject: Re: [xacml-dev] Username in the <Delegate> element

Muhammad Masoom Alam wrote:

> Hi,
> In fact, I meant putting a complex object, e.g. representing the
> <Issuer>, in the policy. Accordingly there will be a complex object in
> the <Delegate> element.

The <PolicyIssuer> element is of the same type as the <Delegate>
element, so this is supported.

> Another thing: what about using the RBAC profile for rights
> delegation too? I had a look at the discussion regarding its
> pros/cons, but what is your personal opinion about it?
> In my opinion, without it, things are clearer, e.g.
> "A role R wants to delegate his rights on some service S to role R"
> Here, service S is only permitted to some members of role R according
> to their characteristics.
> Now, if one of the members who has the privilege wants to delegate the
> right to use service S to one of the members of role R, then?

I am not sure I understand you, but it should be possible. You just
indicate the role that has the right to delegate in a target <Delegate>
element and when someone delegates, you put his role attributes in the
context <Delegate> element.

Regards, Erik
