[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [xacml-users] Hierarchical resource profile of XACML v2.0
Hi Farrukh,
Some substantial changes were made to the 2.0 hierarchical profile, the
intent of which was to clarify existing functionality, as well as
explicitly provide for functionality that was unnecessarily missing.
Those changes are in the current version of the XACML 3.0 profile that
you might want to look at. The net effect should be that, in general,
you can probably do what you want with the 2.0 profile but might need
the 3.0 profile to clarify the concepts.
http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=xacml#CURRENT
While these specs are not yet official standards, they are quite
advanced in the process, and can certainly be used for guidance wrt
XACML 2.0 concepts.
Thanks,
Rich
Farrukh Najmi wrote:
> Hi Guys,
>
> Reading the Hierarchical resource profile of XACML v2.0, I am a little
> puzzled by "3.1 Nodes in an XML document" requiring that not only
> should one include a resource-id of type xpath-expression for the node
> that is the resource for the access decision but also it parent and
> all ancestors. Why is this required by the spec? Why is it necessary.
> Should an impl of a PDP not simply be able to traverse the parent and
> ancestors of the node using normal XML processing and node traversal
> mechanism in teh various xml processing tools and apis?
>
> I must be missing something obvious. Thanks for any explanation.
>
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]