
xacml-users message


Subject: Re: [xacml-users] Conditional Permission

You need a state based PDP, not a stateless one.

We have shown how this can be added to XACML in the following publications.

D.W.Chadwick. “Coordinated decision making in distributed applications”. 
Information Security Technical Report, Elsevier, Vol 12, No.3, 2007, 

David W Chadwick, Linying Su, Romain Laborde. “Coordinating Access 
Control in Grid Services”. Concurrency and Computation: Practice and 
Experience, Volume 20, Issue 9, Pages 1071-1094, 25 June 2008. Online 
version available from 

We have open source code that implements this



hao chen wrote:
> How could I write a rule in XACML policy to assert the permission with
> some condition as the following and how could I write a PDP XACML
> request to query the permission.
> A subject with an account operator role can modify an account
> information only if the account information has been reviewed by a
> person who has account manager role.
> Before we submit the PDP XACML request, we know if an account manager
> has reviewed the account or not.
> Thanks!
> hao


David W. Chadwick, BSc PhD
Professor of Information Systems Security
The Computing Laboratory, University of Kent, Canterbury, CT2 7NF
Skype Name: davidwchadwick
Tel: +44 1227 82 3221
Fax +44 1227 762 811
Mobile: +44 77 96 44 7184
Email: D.W.Chadwick@kent.ac.uk
Home Page: http://www.cs.kent.ac.uk/people/staff/dwc8/index.html
Research Web site: http://www.cs.kent.ac.uk/research/groups/iss/index.html
Entrust key validation string: MLJ9-DU5T-HV8J
PGP Key ID is 0xBC238DE5
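
Added example, not part of the original message and not the open source code it mentions: a toy Python PDP contrasting a stateless decision, which has to rely on a caller-supplied `reviewed` attribute, with a state-based one that records the account manager's review itself. The role, action, attribute and class names are assumptions made for this sketch, and it is not XACML syntax.

```python
# Added illustration: a toy PDP, not XACML and not the code mentioned in the post.
# Role, action and attribute names are assumptions made for this sketch.
from dataclasses import dataclass, field

PERMIT, DENY = "Permit", "Deny"

@dataclass(frozen=True)
class Request:
    role: str               # subject role
    action: str             # "review" or "modify"
    account: str            # resource identifier
    reviewed: bool = False  # caller-asserted attribute, read only by the stateless PDP

def stateless_decide(req: Request) -> str:
    """Decide from the request alone: the caller's 'reviewed' claim is trusted."""
    if req.role == "account-manager" and req.action == "review":
        return PERMIT
    if req.role == "account-operator" and req.action == "modify" and req.reviewed:
        return PERMIT
    return DENY

@dataclass
class StatefulPDP:
    """Remembers the accounts for which it permitted an account-manager review."""
    reviewed_accounts: set = field(default_factory=set)

    def decide(self, req: Request) -> str:
        if req.role == "account-manager" and req.action == "review":
            # Retained state; a permitted review is treated as completed (assumption).
            self.reviewed_accounts.add(req.account)
            return PERMIT
        if (req.role == "account-operator" and req.action == "modify"
                and req.account in self.reviewed_accounts):
            return PERMIT
        return DENY

def demo() -> list:
    pdp = StatefulPDP()
    modify = Request("account-operator", "modify", "acct-1")
    before = pdp.decide(modify)                                 # no review recorded yet
    pdp.decide(Request("account-manager", "review", "acct-1"))  # manager reviews acct-1
    after = pdp.decide(modify)                                  # same request, new state
    other = pdp.decide(Request("account-operator", "modify", "acct-2"))
    return [before, after, other]

if __name__ == "__main__":
    print(demo())
```

The stateless function returns Permit for any modify request that arrives with `reviewed=True`, so the enforcement point's claim is the only evidence of the review; the stateful PDP ignores that field and answers from its own record.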

