[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [xacml-dev] Some queries regarding RBAC and XACML Profile for delegation.
> > No, it's the other way around: > > -- First you match the access request against the access policies. > -- If there is a permit (which is associated with an issuer), then you > MUST generate a _new_ administrative request, and check that against the > administrative policies. > -- If the result is deny or not applicable for the first access request, > then you do not need to generate a second request. (We are still working > on the details of deny though, so draft 07 is not fully consistent on > this issue.) > oh , now i got you, you mean, Access policies are issued by the Users means the Access policies contains Issuer element. but i am thinking on the other way arround. Suppose i have normal XACML policies with no Issuer element and delegate element i.e. they are normal access policies and dont need any further authorization. if , an access request got "notApplicable", or "Deny", i will then check for the delegation policies (User Issued one) and so as to generate an Administrative request and ... Agreed ? regards Muhammad.
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]