OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xacml-users message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [xacml-users] XACML Resource Element

It absolutely makes sense.  That is the reason XACML resource concept
was designed to be so flexible.

All is needed is a normative profile for mapping some other
specification resource into XACML space.   Since WS-Resource developers
are intimately familiar with the structure that they need to present for
authorization decisions, perhaps they may suggest such a mapping?

It, preferably, should be a strictly defined collection of named
attributes of the XACML types, or, optionally, an XML document that can
included in request.  Note that XML document support is optional in
XACML and puts the burden of extracting the relevant values on the
policy writer.  It would be nice to do that for them.

Daniel;

-----Original Message-----
From: marchadr@wellsfargo.com [mailto:marchadr@wellsfargo.com] 
Sent: Wednesday, September 21, 2005 9:12 AM
To: Seth.Proctor@sun.com; Daniel Engovatov
Cc: marchadr@wellsfargo.com; xacml-users@lists.oasis-open.org
Subject: RE: [xacml-users] XACML Resource Element

Here is what seems to be happening:

Some specifications are using a resource to define parts of their
specifications.
It would be nice to have the mapping of a XACML resource to a
WS-Resource since a authorization filter could be thrown on top of the
specifications using the WS-Resource with relative ease.

For instance I am a service provider providing WS-Notifications or
something else.
I want to add policy enforcement based on my resource definitions.
I look at products that support XACML and throw that in front of my
service provider to check the WS-Resource to retrieve groups and
policies for the specific resource based on the service client
definitions.

Does this make sense?

- Dan

-----Original Message-----
From: Seth Proctor [mailto:Seth.Proctor@sun.com]
Sent: Tuesday, September 20, 2005 5:44 PM
To: Daniel Engovatov
Cc: marchadr@wellsfargo.com; xacml-users@lists.oasis-open.org
Subject: Re: [xacml-users] XACML Resource Element



On Sep 20, 2005, at 8:40 PM, Daniel Engovatov wrote:
> WS-Resource can be expressed as an XACML resource.   XACML resource  
> is a
> more generic concept.  What we may want is to develop a profile for
> normative mapping.

Umm, yeah. What Daniel said :)


seth

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]