Subject: Re: [xacml-users] Validating XACML policies and requests against XSD


?? When I was using XACML 1.1 engine, it supported all XSD schemas.

Did it change in XACML 2.0 engine??

Thanks,
Yoichi
--------------------------------------------------------------------------
Yoichi Takayama, PhD
Senior Research Fellow
RAMP Project
MELCOE (Macquarie E-Learning Centre of Excellence)
MACQUARIE UNIVERSITY

Phone: +61 (0)2 9850 9073
Fax: +61 (0)2 9850 6527
www.mq.edu.au
www.melcoe.mq.edu.au/projects/RAMP/
--------------------------------------------------------------------------

On 14/01/2009, at 6:53 AM, hao chen wrote:

> Hi,
>
> I also wonder why the sunxacml implementation does not support xml  
> schema with naming space in xacml policies.
>
> Best Regards
> hao
>
> --- On Tue, 1/13/09, Oleg Gryb <oleg_gryb@yahoo.com> wrote:
>
>> From: Oleg Gryb <oleg_gryb@yahoo.com>
>> Subject: [xacml-users] Validating XACML policies and requests  
>> against XSD
>> To: xacml-users@lists.oasis-open.org, xacml-comments@lists.oasis-open.org
>> Date: Tuesday, January 13, 2009, 11:39 AM
>> I've noticed lately that some commercial and open source
>> PDP engines do not validate requests and policies against
>> XSD that is a part of XACML specification. I could see two
>> problems related to that:
>>
>> 1. Each and every security auditor would say that absence
>> of input data validation is a security breach in waiting.
>> It's true even for 'regular' business
>> applications. In the case of authorization systems this fact
>> should be given even greater attention considering the
>> criticality of these systems.
>>
>> 2. It affects PDP's interoperability. The example that Hao
>> has provided makes me think that sunxacml disregards
>> namespaces, which means that it won't be interoperable with
>> any PDP engine that does the validation against XSD. Seth,
>> please let me know if my observation is not correct.
>>
>> I think it should be clearly stated in the XACML
>> specification that if a request or policy is not compliant
>> with XSDs the process of evaluation should not even start
>> and all invalid requests and policies should be rejected by
>> PDP.
>
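
The validation step proposed in the quoted message, shown as an added example that is not part of the thread and is not code from sunxacml or any other PDP: a namespace-aware XSD check that rejects a request before evaluation starts. The class `XacmlSchemaGate`, the method `reject`, and the inline reduced schema are constructed for illustration; a deployment would load the XSD published with the XACML specification.

```java
import java.io.StringReader;
import javax.xml.XMLConstants;
import javax.xml.transform.stream.StreamSource;
import javax.xml.validation.Schema;
import javax.xml.validation.SchemaFactory;
import javax.xml.validation.Validator;
import org.xml.sax.SAXException;

public class XacmlSchemaGate {
    static final String CTX_NS = "urn:oasis:names:tc:xacml:2.0:context:schema:os";
    // Constructed, heavily reduced stand-in for the XACML 2.0 context schema
    // (element order only, no attributes); not the specification's XSD.
    static final String REDUCED_XSD =
        "<xs:schema xmlns:xs='http://www.w3.org/2001/XMLSchema' targetNamespace='" + CTX_NS + "'"
      + " xmlns:c='" + CTX_NS + "' elementFormDefault='qualified'>"
      + "<xs:element name='Request'><xs:complexType><xs:sequence>"
      + "<xs:element name='Subject' type='c:Empty' maxOccurs='unbounded'/>"
      + "<xs:element name='Resource' type='c:Empty' maxOccurs='unbounded'/>"
      + "<xs:element name='Action' type='c:Empty'/>"
      + "<xs:element name='Environment' type='c:Empty'/>"
      + "</xs:sequence></xs:complexType></xs:element>"
      + "<xs:complexType name='Empty'/>"
      + "</xs:schema>";

    private final Schema schema;

    XacmlSchemaGate() throws SAXException {
        SchemaFactory f = SchemaFactory.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI);
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        schema = f.newSchema(new StreamSource(new StringReader(REDUCED_XSD)));
    }

    /** Returns null if the document is schema-valid, otherwise the rejection reason. */
    String reject(String xml) {
        try {
            Validator v = schema.newValidator();
            v.setProperty(XMLConstants.ACCESS_EXTERNAL_DTD, "");    // no external DTDs
            v.setProperty(XMLConstants.ACCESS_EXTERNAL_SCHEMA, ""); // no external schemas
            v.validate(new StreamSource(new StringReader(xml)));
            return null;
        } catch (Exception e) { return e.getMessage(); } // fail closed on any error
    }

    public static void main(String[] args) throws SAXException {
        XacmlSchemaGate gate = new XacmlSchemaGate();
        String body = "<Subject/><Resource/><Action/><Environment/></Request>";
        System.out.println("namespaced:   " + gate.reject("<Request xmlns='" + CTX_NS + "'>" + body));
        System.out.println("no namespace: " + gate.reject("<Request>" + body));
    }
}
```

A PDP front end would call `reject` on every incoming request and policy and refuse to evaluate anything for which it returns a non-null reason; the second sample, which omits the namespace, is rejected because the schema declares no un-namespaced `Request` element.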