[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [xacml-users] Implementing UNIX file system acl using xacml (corrected)
Hi Marco, Please explain what you mean by:
is 2b in: http://www.merriam-webster.com/dictionary/a+priori So, my first question is that this info is not known before what? And, in particular, not known to whom? To the user? To the policy? To the file system? I would like to anticipate your answer being not known to the user or the policy, but only to the file system. If this is the case, then I think it is necessary to conceptualize what you mean by policy. Current file systems have policy built into structure. I agree, if this is the last word on the policy, then you need to have some kind of kludge for either the pep or the pdp to go out and get the info it needs to return an answer. I think a much better soln is to have all file system permission grants intercepted before updating the legacy file system and encode those grants in the XACML Policy and only use the file system update as legacy backend synch operation on the main policy transaction. Thanks, Rich On 11/14/2011 11:51 AM, Marco Biagi wrote: Hi Rich, |
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]