[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [xacml-users] Policy question
On 05/12/2014 05:25 PM, Sinnema, Remon wrote:
All, Suppose I have a system with documents, and access to those documents is governed by a number of policies. Now comments are introduced to the system, and the access control requirements for comments are as follows: 1.Anybody who can see a document is allowed to see all comments on it.
This is tricky. You can perhaps do it with the access-permitted function (section A.3.16 of the standard), but implementation of this function is optional and I don't expect many XACML engines to actually implement this (it's just too tricky to get this right without open up the PDP to denial of service)
Regards, Ludwig -- Ludwig Seitz, PhD SICS Swedish ICT AB Ideon Science Park Building Beta 2 Scheelevägen 17 SE-223 70 Lund Phone +46(0)70-349 92 51 http://www.sics.se
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]