Subject: Re: [xacml-dev] Groups handling
Hi Yair,

That is a major part of what we are working on for XACML 3. See "XACML v3.0 administration policy", Working Draft 09, 13 September 2005:

http://www.oasis-open.org/committees/download.php/14036/access_control-xacml-3.0-admininstration-wd-09.zip

Anne Anderson

Yair Sade wrote On 09/20/05 13:08,:
> Hello,
>
> Another issue is how to express "permission to give permissions"
>
> I would like the authorization to be something like:
>
> "permit subject x (to give permissions subject w to resource y with
> attributes constraints z) with attribute constraints v"
>
> For example:
>
> Permit user x to give permissions for user w between 2pm-8pm to write-access
> on file y with write-action with attribute security-level=sensitive
>
> Here I have:
> a subject - user x,
> an action - "give permissions"
> an attribute (or maybe another subject) - user w
> an attribute - between 2pm-8pm
> an attribute (or maybe another action) - write-access
> a resource - file y
> an attribute - security level
>
> Is there any standard to express permission to give permissions?
>
> Thanks,
> Yair
>
> -----Original Message-----
> From: Kuketayev, Argyn (Contractor) [mailto:argyn_kuketayev@fanniemae.com]
> Sent: Tuesday, September 20, 2005 3:53 PM
> To: xacml-dev@lists.oasis-open.org
> Subject: RE: [xacml-dev] Groups handling
>
> You can group your subjects by a certain attribute. E.g. you can have an
> attribute "group-id", and assign it all groups of this subject. It'll be
> similar to LDAP, imho.
>
> RBAC is when you need a standard way to handle roles with inheritance
> and so on. It follows the NIST standard on RBAC.
>
> argyn
>
>>-----Original Message-----
>>From: Yair Sade [mailto:yairs@cyber-ark.com]
>>Sent: Tuesday, September 20, 2005 9:20 AM
>>To: xacml-dev@lists.oasis-open.org
>>Subject: [xacml-dev] Groups handling
>>
>>Hello,
>>
>>Is there any standard way to implement groups in XACML access
>>control (as standard access control systems as LDAP
>>directories, Windows, etc.)?
>>
>>The only close thing I've found is the RBAC profile which is
>>not exactly the same.
>>
>>Thanks,
>>
>>Yair
>
> ---------------------------------------------------------------------
> This publicly archived list supports open discussion on implementing the
> XACML OASIS Standard. To minimize spam in the
> archives, you must subscribe before posting.
>
> [Un]Subscribe/change address: http://www.oasis-open.org/mlmanage/
> Alternately, using email: list-[un]subscribe@lists.oasis-open.org
> List archives: http://lists.oasis-open.org/archives/xacml-dev/
> Committee homepage: http://www.oasis-open.org/committees/xacml/
> List Guidelines: http://www.oasis-open.org/maillists/guidelines.php
> Join OASIS: http://www.oasis-open.org/join/

--
Anne H. Anderson               Email: Anne.Anderson@Sun.COM
Sun Microsystems Laboratories
1 Network Drive,UBUR02-311     Tel: 781/442-0928
Burlington, MA 01803-0902 USA  Fax: 781/442-1692
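
The group-attribute approach suggested earlier in this thread, as an added example that is not part of the original messages: a constructed XACML 2.0 rule that matches a multi-valued "group-id" subject attribute, with a toy Python evaluator covering only the subject target. The function names, the rule id and the "engineering" group value are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"x": "urn:oasis:names:tc:xacml:2.0:policy:schema:os"}
STRING_EQUAL = "urn:oasis:names:tc:xacml:1.0:function:string-equal"

# Constructed sample rule: permit subjects whose "group-id" bag contains "engineering".
POLICY = """
<Rule xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
      RuleId="engineering-group-permit" Effect="Permit">
  <Target>
    <Subjects>
      <Subject>
        <SubjectMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
          <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">engineering</AttributeValue>
          <SubjectAttributeDesignator AttributeId="group-id"
              DataType="http://www.w3.org/2001/XMLSchema#string"/>
        </SubjectMatch>
      </Subject>
    </Subjects>
  </Target>
</Rule>
"""

def evaluate_rule(rule_xml, subject_attrs):
    """Toy evaluation of the rule's subject target only (hypothetical helper).

    subject_attrs maps AttributeId -> list of values (the attribute "bag").
    Returns the rule's Effect if some <Subject> matches, else "NotApplicable".
    """
    rule = ET.fromstring(rule_xml)
    # <Subjects> is a disjunction of <Subject>; each <Subject> is a
    # conjunction of its <SubjectMatch> elements.
    for subject in rule.findall("x:Target/x:Subjects/x:Subject", NS):
        if all(_match(m, subject_attrs) for m in subject.findall("x:SubjectMatch", NS)):
            return rule.get("Effect")
    return "NotApplicable"

def _match(match, subject_attrs):
    if match.get("MatchId") != STRING_EQUAL:
        raise ValueError("unsupported MatchId: %s" % match.get("MatchId"))
    wanted = match.find("x:AttributeValue", NS).text.strip()
    attr_id = match.find("x:SubjectAttributeDesignator", NS).get("AttributeId")
    # A match holds if ANY value in the subject's bag equals the policy value;
    # a missing attribute is an empty bag, so the match is false.
    return any(v == wanted for v in subject_attrs.get(attr_id, []))
```

A subject that belongs to several groups carries all of them as values of the one attribute, so group membership needs no construct beyond an ordinary subject match.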