
xacml-users message



Subject: RE: [xacml-users] Help on ResourceConent!


Hi Roland!

    As you have said that only embedded details can be read by 1.0v, had a doubt on how are these values prefetched, so is it that

        a) PEP send that the detail of the doctor who wanted to read bart's DOB
        b) Context Handler will prefetch DOB details via PIP and place it in the Resource Content and push it across to PDP.
        c) Now PDP has all these prefetched detail
        d) PDP takes a decision on what to do with the operation the person wants to do via PAP

So in 1.0 PDP didn't have the provision to delve into just the hyperlink for the record provided. In 2.0 there is an enhancement for the same to get the details from the hyperlink. So on the whole in 1.0 all resources are given to take decisions and 2.0v a flexibility to search the record on a given location / URL is provided and thus reducing the overhead of adding into the XML.

Thanks
Balaji Kamal Kannadassan

-----Original Message-----
From: Roland Illig [mailto:roland.illig@gmx.de]
Sent: Thursday, October 30, 2008 7:35 PM
To: Kannadassan, Balaji (AMR:8826)
Cc: xacml-users@lists.oasis-open.org
Subject: Re: [xacml-users] Help on ResourceConent!

Balaji Kannadassan wrote:
> Hi Roland!
>
>     Thanks for making things clear to me. BTW saw this entry in the
> oasis-xacmlv1.0.pdf would like to know what they exactly mean.
>
> Q)
>
> The following example illustrates a request context to which the
> example rules may be applicable. It represents a request by the
> physician Julius Hibbert to read the patient date of birth in the
> record of Bartholomew Simpson.
>
> XML Request:
> ------------
> ....
> <ResourceContent>
>  <md:record
>  xmlns:md="//http:www.medico.com/schemas/record.xsd">
>  <md:patient>
>  <md:patientDoB>1992-03-21</md:patientDoB>
>  </md:patient>
> <!-- other fields -->
>  </md:record>
> </ResourceContent>
>
> We have to search for the DoB of the patient, right? It's enough if we
> have specified the xsd hyperlink. Any idea on why they have specified
> a new patient record with DoB entry?

The standard functions of XACML can only search in XML data that is provided directly in the <Request>.

<guess>
Searching external documents would have been too complicated to include it in the standard. Plus, it affects the security considerations if the PDP accesses external documents. Any information that leaks from the XACML system may be used by some attacker to gain further knowledge about the system.
</guess>

Roland
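
As an added illustration of the point in Roland's reply (not code from the thread or from any XACML implementation): a Python sketch in which a hypothetical context handler embeds a prefetched record in `<ResourceContent>` and a PDP-side selector reads only what the request carries. `build_request`, `select` and the sample record are assumptions, and the path handling is ElementTree's XPath subset, not a full XACML `AttributeSelector`.

```python
import xml.etree.ElementTree as ET

CTX_NS = "urn:oasis:names:tc:xacml:1.0:context"
# Namespace name copied from the quoted snippet. It is an identifier only;
# the parser never dereferences it, so it cannot supply the record's data.
MD_NS = "//http:www.medico.com/schemas/record.xsd"
NS = {"ctx": CTX_NS, "md": MD_NS}

# Constructed stand-in for the record the context handler would prefetch.
RECORD = (f'<md:record xmlns:md="{MD_NS}"><md:patient>'
          '<md:patientDoB>1992-03-21</md:patientDoB>'
          '</md:patient></md:record>')

DOB_PATH = "md:record/md:patient/md:patientDoB"


def build_request(prefetched_record=None):
    """Context-handler side (hypothetical helper): embed the record, if any."""
    req = ET.Element(f"{{{CTX_NS}}}Request")
    res = ET.SubElement(req, f"{{{CTX_NS}}}Resource")
    if prefetched_record is not None:
        content = ET.SubElement(res, f"{{{CTX_NS}}}ResourceContent")
        content.append(ET.fromstring(prefetched_record))
    return ET.tostring(req, encoding="unicode")


def select(request_xml, path):
    """PDP side: evaluate the path against the request only, no external I/O."""
    root = ET.fromstring(request_xml)
    content = root.find("ctx:Resource/ctx:ResourceContent", NS)
    if content is None:
        return []  # nothing embedded, and no lookup happens anywhere else
    return [el.text for el in content.findall(path, NS)]


if __name__ == "__main__":
    print(select(build_request(RECORD), DOB_PATH))  # record was embedded
    print(select(build_request(), DOB_PATH))        # record was not embedded
```
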


