Subject: Policy question
Suppose I have a system with documents, and access to those documents is governed by a number of policies. Now comments are introduced to the system, and the access control requirements for comments are as follows:
1. Anybody who can see a document is allowed to see all comments on it.
2. Anybody can edit and delete their comments, but not those of others.
3. You don’t need update permission on the document to update a comment on it.
I’m struggling to express the first requirement in XACML. Does anybody have any ideas to offer?
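
The three requirements above, modelled as plain decision logic. This is an added example, not part of the original post and not XACML syntax; it can serve as a test oracle for whatever policy is eventually written. The grant table, the names and the `document_decision` function standing in for the existing document policies are all assumptions.

```python
from dataclasses import dataclass

# Constructed sample data standing in for the existing document policies:
# (subject, document) -> actions permitted on that document.
DOC_GRANTS = {
    ("alice", "doc1"): {"read", "update"},
    ("bob", "doc1"): {"read"},
}


@dataclass(frozen=True)
class Comment:
    comment_id: str
    document_id: str  # parent document, needed to resolve requirement 1
    author: str


def document_decision(subject, action, document_id):
    """Hypothetical stand-in for the document policies already in place."""
    granted = DOC_GRANTS.get((subject, document_id), set())
    return "Permit" if action in granted else "Deny"


def comment_decision(subject, action, comment):
    """Decision for a comment under the three requirements in the post."""
    if action == "read":
        # Requirement 1: the comment has no read rule of its own; the
        # question is re-asked as "read" on the parent document.
        return document_decision(subject, "read", comment.document_id)
    if action in ("update", "delete"):
        # Requirements 2 and 3: only the author match counts; the
        # document's "update" grant is deliberately not consulted.
        return "Permit" if subject == comment.author else "Deny"
    return "Deny"  # anything not listed is denied


if __name__ == "__main__":
    bobs_comment = Comment("c1", "doc1", "bob")
    for subject in ("alice", "bob", "carol"):
        for action in ("read", "update", "delete"):
            print(subject, action, comment_decision(subject, action, bobs_comment))
```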