Subject: Re: [xacml-users] Implementing UNIX file system acl using xacml
I think you are attacking the problem from the wrong side, i.e. the policy side. What I'd do in your place is to work from the PEP.

You need to submit multiple access control requests (you could actually use the Multiple Resources Profile for this), one for each ancestor directory of the file/directory you want to access.

Example: Say you want to access:

/a/b/foo.txt

you need to fire off 3 access control requests against the policy you wrote: One for 'a', one for 'b' and one for 'foo.txt'.

Then you need the PEP to deny access if any of these requests is not permitted.

That's how I would do it. Hope it helps.

Regards,

Ludwig

--
Ludwig Seitz, PhD
Swedish Institute of Computer Science
Ideon Science Park
Building Beta 2 3v
Scheelevägen 17
SE-223 70 Lund
Phone +46(0)70-349 92 51
http://www.sics.se
Attachment:
signature.asc
Description: This is a digitally signed message part
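
Added example, not part of the original message: a sketch of the PEP-side check described in the message above, with one PDP request per node on the path and a deny-biased result. The names sample_pdp and SAMPLE_POLICY are hypothetical stand-ins for a real PDP call, and using the full path of each node as the resource-id and normalizing the path lexically are assumptions.

```python
import posixpath

PERMIT, DENY, NOT_APPLICABLE = "Permit", "Deny", "NotApplicable"

# Constructed sample decisions standing in for the written policy:
# (subject, resource-id) -> decision. Anything missing is NotApplicable.
SAMPLE_POLICY = {
    ("alice", "/a"): PERMIT,
    ("alice", "/a/b"): PERMIT,
    ("alice", "/a/b/foo.txt"): PERMIT,
    ("bob", "/a"): PERMIT,
    ("bob", "/a/b"): DENY,
    ("bob", "/a/b/foo.txt"): PERMIT,
    ("carol", "/a/b/foo.txt"): PERMIT,  # no rule for the ancestors
}


def sample_pdp(subject, action, resource):
    """Hypothetical PDP stub; this toy table ignores the action."""
    return SAMPLE_POLICY.get((subject, resource), NOT_APPLICABLE)


def path_chain(path):
    """'/a/b/foo.txt' -> ['/a', '/a/b', '/a/b/foo.txt']."""
    if not path.startswith("/"):
        raise ValueError("absolute path required")
    # Collapse '.', '..' and repeated slashes before splitting, so that
    # '/a/../secret' is evaluated as '/secret' and not as a child of '/a'.
    # This is lexical only: symlinks are not resolved.
    parts = [p for p in posixpath.normpath(path).split("/") if p]
    chain = ["/" + "/".join(parts[:i]) for i in range(1, len(parts) + 1)]
    return chain or ["/"]  # never return an empty chain for the root


def evaluate_chain(subject, action, path, pdp=sample_pdp):
    """Send one request per node; return [(resource, decision), ...]."""
    return [(res, pdp(subject, action, res)) for res in path_chain(path)]


def pep_allows(subject, action, path, pdp=sample_pdp):
    """Deny-biased PEP: allow only if every single request is Permit."""
    results = evaluate_chain(subject, action, path, pdp)
    return bool(results) and all(d == PERMIT for _, d in results)
```

NotApplicable and any other non-Permit result count as a denial here, which is why carol is refused even though the file itself is permitted to her.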