[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [xacml-users] XACML Resource Element
It absolutely makes sense. That is the reason XACML resource concept was designed to be so flexible. All is needed is a normative profile for mapping some other specification resource into XACML space. Since WS-Resource developers are intimately familiar with the structure that they need to present for authorization decisions, perhaps they may suggest such a mapping? It, preferably, should be a strictly defined collection of named attributes of the XACML types, or, optionally, an XML document that can included in request. Note that XML document support is optional in XACML and puts the burden of extracting the relevant values on the policy writer. It would be nice to do that for them. Daniel; -----Original Message----- From: marchadr@wellsfargo.com [mailto:marchadr@wellsfargo.com] Sent: Wednesday, September 21, 2005 9:12 AM To: Seth.Proctor@sun.com; Daniel Engovatov Cc: marchadr@wellsfargo.com; xacml-users@lists.oasis-open.org Subject: RE: [xacml-users] XACML Resource Element Here is what seems to be happening: Some specifications are using a resource to define parts of their specifications. It would be nice to have the mapping of a XACML resource to a WS-Resource since a authorization filter could be thrown on top of the specifications using the WS-Resource with relative ease. For instance I am a service provider providing WS-Notifications or something else. I want to add policy enforcement based on my resource definitions. I look at products that support XACML and throw that in front of my service provider to check the WS-Resource to retrieve groups and policies for the specific resource based on the service client definitions. Does this make sense? - Dan -----Original Message----- From: Seth Proctor [mailto:Seth.Proctor@sun.com] Sent: Tuesday, September 20, 2005 5:44 PM To: Daniel Engovatov Cc: marchadr@wellsfargo.com; xacml-users@lists.oasis-open.org Subject: Re: [xacml-users] XACML Resource Element On Sep 20, 2005, at 8:40 PM, Daniel Engovatov wrote: > WS-Resource can be expressed as an XACML resource. XACML resource > is a > more generic concept. What we may want is to develop a profile for > normative mapping. Umm, yeah. What Daniel said :) seth
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]