xacml-dev message



Subject: Re: [xacml-dev] Groups handling


Hi Yair,

That is a major part of what we are working on for XACML 3.  See "XACML
v3.0 administration policy", Working Draft 09, 13 September 2005:
http://www.oasis-open.org/committees/download.php/14036/access_control-xacml-3.0-admininstration-wd-09.zip

Anne Anderson

Yair Sade wrote On 09/20/05 13:08,:
> Hello,
> 
> Another issue is how to express "permission to give permissions"
> 
> I would like the authorization to be something like:
> 
> "permit subject x (to give permissions subject w to resource y with
> attributes constraints z) with attribute constraints v"
> 
> For example:
> 
> Permit user x to give permissions for user w between 2pm-8pm to write-access
> on file y with write-action with attribute security-level=sensitive
> 
> Here I have:
> a subject - user x, 
> an action - "give permissions"
> an attribute (or maybe another subject) - user w
> an attribute - between 2pm-8pm 
> an attribute (or maybe another action) - write-access
> a resource - file y
> an attribute - security level
> 
> Is there any standard to express permission to give permissions?
> 
> Thanks,
> Yair
> 
> 
> 
> -----Original Message-----
> From: Kuketayev, Argyn (Contractor) [mailto:argyn_kuketayev@fanniemae.com] 
> Sent: Tuesday, September 20, 2005 3:53 PM
> To: xacml-dev@lists.oasis-open.org
> Subject: RE: [xacml-dev] Groups handling
> 
> You can group your subjects by a certain attribute. E.g. you can have an
> attribute "group-id", and assign it all groups of this subject. It'll be
> similar to LDAP, imho.
> 
> RBAC is when you need a standard way to handle roles with inheritance
> and so on. It follows NIST standard on RBAC.
> 
> argyn
> 
> 
>  
> 
> 
>>-----Original Message-----
>>From: Yair Sade [mailto:yairs@cyber-ark.com] 
>>Sent: Tuesday, September 20, 2005 9:20 AM
>>To: xacml-dev@lists.oasis-open.org
>>Subject: [xacml-dev] Groups handling
>>
>>Hello,
>>
>> 
>>
>>Is there any standard way to implement groups in XACML access 
>>control (as in standard access control systems such as LDAP 
>>directories, Windows, etc.)?
>>
>>The only close thing I've found is the RBAC profile which is 
>>not exactly the same.
>>
>> 
>>
>>Thanks,
>>
>>Yair
>>
>>
> 
> 
> ---------------------------------------------------------------------
> This publicly archived list supports open discussion on implementing the
> XACML OASIS Standard. To minimize spam in the
> archives, you must subscribe before posting.
> 
> [Un]Subscribe/change address: http://www.oasis-open.org/mlmanage/
> Alternately, using email: list-[un]subscribe@lists.oasis-open.org
> List archives: http://lists.oasis-open.org/archives/xacml-dev/
> Committee homepage: http://www.oasis-open.org/committees/xacml/
> List Guidelines: http://www.oasis-open.org/maillists/guidelines.php
> Join OASIS: http://www.oasis-open.org/join/
> 
> 
> 
> 
> 

-- 
Anne H. Anderson             Email: Anne.Anderson@Sun.COM
Sun Microsystems Laboratories
1 Network Drive,UBUR02-311     Tel: 781/442-0928
Burlington, MA 01803-0902 USA  Fax: 781/442-1692
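
An added example, not part of the original thread or of the XACML specifications: the group-by-attribute approach suggested in the quoted reply, written as an XACML 2.0 policy. The attribute id `urn:example:subject:group-id`, the group name `engineers`, and the policy and rule ids are assumptions made for illustration.

```xml
<!-- Constructed example. The request carries every group of the subject as
     one multi-valued attribute (assumed id urn:example:subject:group-id):

     <Subject>
       <Attribute AttributeId="urn:example:subject:group-id"
                  DataType="http://www.w3.org/2001/XMLSchema#string">
         <AttributeValue>engineers</AttributeValue>
         <AttributeValue>auditors</AttributeValue>
       </Attribute>
     </Subject>
-->
<Policy xmlns="urn:oasis:names:tc:xacml:2.0:policy:schema:os"
        PolicyId="urn:example:policy:group-write"
        RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:deny-overrides">
  <Target/>
  <!-- Permit "write" to any subject whose group-id bag contains "engineers".
       A SubjectMatch is true if ANY value in the designator's bag matches,
       so membership in several groups needs no extra logic. -->
  <Rule RuleId="urn:example:rule:engineers-write" Effect="Permit">
    <Target>
      <Subjects>
        <Subject>
          <SubjectMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
            <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">engineers</AttributeValue>
            <SubjectAttributeDesignator
                AttributeId="urn:example:subject:group-id"
                DataType="http://www.w3.org/2001/XMLSchema#string"/>
          </SubjectMatch>
        </Subject>
      </Subjects>
      <Actions>
        <Action>
          <ActionMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
            <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">write</AttributeValue>
            <ActionAttributeDesignator
                AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id"
                DataType="http://www.w3.org/2001/XMLSchema#string"/>
          </ActionMatch>
        </Action>
      </Actions>
    </Target>
  </Rule>
  <!-- Everything else is denied; a missing group-id attribute yields an
       empty bag, the Permit rule does not apply, and this rule decides. -->
  <Rule RuleId="urn:example:rule:default-deny" Effect="Deny"/>
</Policy>
```

The decision is only as trustworthy as the source of the group-id values, so the PDP should obtain them from an attribute authority it trusts (for example the directory itself) rather than from caller-supplied request data.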


