OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

xacml-users message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [xacml-users] Policy question

On 05/12/2014 05:25 PM, Sinnema, Remon wrote:

Suppose I have a system with documents, and access to those documents is
governed by a number of policies. Now comments are introduced to the
system, and the access control requirements for comments are as follows:

1.Anybody who can see a document is allowed to see all comments on it.

This is tricky. You can perhaps do it with the access-permitted function (section A.3.16 of the standard), but implementation of this function is optional and I don't expect many XACML engines to actually implement this (it's just too tricky to get this right without open up the PDP to denial of service)



Ludwig Seitz, PhD
Ideon Science Park
Building Beta 2
Scheelevägen 17
SE-223 70 Lund

Phone +46(0)70-349 92 51

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]