[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [xacml-users] questions on RBAC profile of XACML v2.0
Hi, For 1 and 2, no you should not do this. That might break the consistency of the profile design and lead to unexpected results. For 3, no, then it's not RBAC anymore. RBAC is based _only_ on the role of the subject. There exist extensions for RBAC to handle all kinds of other requirements, so you may want to search the academic literature on the topic. Regards, Erik hao chen wrote: > Hi, > > I appreciate if someone can provide some information on the following questions regarding RBAC profile of XACML v2.0 > > 1. The examples included in the profile use policy-combine permit-overrides and rule-combine permit-overrides for both Role <PolicySet> and Permission <PolicySet>. Can we use deny-overrides for both Role <PolicySet> and Permission <PolicySet> too? > > 2. The examples included in the profile set Rule's effect to permit for both Role <PolicySet> and Permission <PolicySet>. Can we set Rule's effect to deny for both Role <PolicySet> and Permission <PolicySet>? > > 3. Can we use subject's attributes (except role) as conditions in the rule settings of Permission <PolicySet>? > > thanks! > hao > > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: xacml-users-unsubscribe@lists.oasis-open.org > For additional commands, e-mail: xacml-users-help@lists.oasis-open.org > >
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]