Subject: Re: [xacml-users] Implementing UNIX file system acl using xacml
Thank you for your reply! I had already taken this solution into consideration, but I had discarded it because in this way the application logic is on the PEP, and I prefer to have it on the PDP. Is there any other possible solution to solve this problem without moving the application logic into the PEP?
Thank you.
Regards

On 11/14/2011 11:21 AM, Ludwig Seitz wrote:
I think you are attacking the problem from the wrong side, i.e. the policy side. What I'd do in your place is to work from the PEP. You need to submit multiple access control requests (you could actually use the Multiple Resources Profile for this), one for each ancestor directory of the file/directory you want to access.

Example: Say you want to access /a/b/foo.txt. You need to fire off 3 access control requests against the policy you wrote: one for 'a', one for 'b' and one for 'foo.txt'. Then you need the PEP to deny access if any of these requests is not permitted.

That's how I would do it. Hope it helps.

Regards,
Ludwig
-- Dott. Marco Biagi Netfarm s.r.l. Phone: +39 050 0981576 Fax: +39 050 777659 Web: http://www.netfarm.it/ Email: marco.biagi@netfarm.it
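
Added example, not part of the thread and not code from either poster: a sketch of the PEP-side check described in the quoted message, one request per ancestor directory plus the target, denying unless every decision is Permit. Assumptions: the `traverse` action for ancestors, full paths as resource ids, and the `toy_pdp` stand-in with its constructed rules are all hypothetical; a real PEP would send XACML requests to the PDP instead.

```python
import posixpath

PERMIT, DENY = "Permit", "Deny"

def path_chain(path):
    """Resources to check, root-first: each ancestor directory, then the target."""
    if not path.startswith("/"):
        raise ValueError("absolute path required")
    # Normalize first so '.', '..' and '//' cannot skip or smuggle a component.
    parts = [p for p in posixpath.normpath(path).split("/") if p]
    chain, cur = [], ""
    for part in parts:
        cur += "/" + part
        chain.append(cur)
    return chain or ["/"]

def pep_decide(pdp, subject, action, path):
    """Return (decision, blocking_resource). Fail closed: anything other than
    Permit (Deny, NotApplicable, Indeterminate) on any element denies access."""
    chain = path_chain(path)
    for i, resource in enumerate(chain):
        # Assumption: ancestors need a 'traverse' right, as with UNIX search (x).
        act = action if i == len(chain) - 1 else "traverse"
        if pdp(subject, act, resource) != PERMIT:
            return DENY, resource
    return PERMIT, None

# Constructed sample policy standing in for the PDP.
RULES = {
    ("alice", "traverse", "/a"), ("alice", "traverse", "/a/b"),
    ("alice", "read", "/a/b/foo.txt"),
    ("bob", "traverse", "/a"), ("bob", "read", "/a/b/foo.txt"),
}

def toy_pdp(subject, action, resource):
    return PERMIT if (subject, action, resource) in RULES else "NotApplicable"

if __name__ == "__main__":
    for user in ("alice", "bob"):
        print(user, pep_decide(toy_pdp, user, "read", "/a/b/foo.txt"))
```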