OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

xacml-users message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [xacml-users] Sample with matching attributes of subj and resource

> -----Original Message-----
> From: Seth.Proctor@Sun.COM [mailto:Seth.Proctor@Sun.COM] 
> Sent: Wednesday, September 29, 2004 5:38 PM
> To: Kuketayev, Argyn
> Cc: xacml-users@lists.oasis-open.org
> Subject: Re: [xacml-users] Sample with matching attributes of 
> subj and resource
> I think what 
> you're really getting at is the need for a non-normative 
> collection of 
> examples.

Right. I've no problem reading specifications, BUT samples always help
to understand them better. 

Two types of samples are needed:
1. syntax: where the sole purpose of a sample is to show how a
particular construct can be used.
2. usage patterns: how XACML rules are best used for diffent situations.
Example: at first I wrote a target with 4 <Action> elements, each with
string-equal to SELECT, UPDATE, DELETE and INSERT actions in DB. Then
after browsing through CTs, I figured that they can be replaced with
just one regexp-string-match. Ideally, I'd love to have one complete
"Pet Store" type of XACML setup. It's probably too late for me, but for
those who think to start using XACML, it would be useful.

> I have suggested doing something like this in the 
> past, but no 
> one has had the time. I try to provide a few examples in my 
> implementation, but I'm clearly not providing enough. I've 
> thought about 
> trying to put such a collection together at some 
> point...maybe I'll make 
> some time this fall to do just this...

I maybe able to contribute "sanitized" real-world examples, if you need


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]