OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Subject: Re: XACML Charter Scope



As yet another example protocols out there already, CORBA will ship any
XML based credentials using the CORBA CSIv2 (Common Secure Interoperabilty
Version 2)  and ATLAS (Authorizatoin Token Layer Acquisiion Service)
standards. These are CORBA based protocols for trasnporting authorization
tokens for secure distributed object requests.

Cheers
-Polar


On Thu, 24 May 2001, ernesto damiani wrote:

> I agree, especially when you say that we do not need to reinvent the wheel..
> Having worked a lot on XML query languages in the last couple of years (I
> even was at the first W3C workshop on this subject ;-), interested people
> may take a look at http://xerox.elet.polimi.it) my personal opinion is that
> XQuery gives you a lot of expressive power.. and, at least for now,  lots of
> trouble we do not need.
> There is a standard, robust, well-understood mechanism to refer to portions
> of XML data, and it is XPath (BTW, as you know most of the academic
> proposals towards access control languages for XML, including our own,
> exploit this mechanism for identifying objects).
> XSLT is based on XPath, and it seems very reasonable XSLT/XPath to be used
> to extract and process parts of an XACML policies' repository.
> Needless to say I do NOT think we should get involved with any lower level
> issue such as serialization etc.: our XACML info may travel inside a HTTP
> packet, be stored on disk as a XML text file or serialized using any other
> mechanism.
> Comments welcome...
>
> ernesto
>
> ----- Original Message -----
> From: "Simon Y. Blackwell" <sblackwell@psoom.com>
> To: <xacml@lists.oasis-open.org>
> Sent: Wednesday, May 23, 2001 11:04 AM
> Subject: FW: XACML Charter Scope
>
>
> >
> >
> > -----Original Message-----
> > From: Simon Y. Blackwell
> > Sent: Wednesday, May 23, 2001 2:03 AM
> > To: 'Hal Lockhart'
> > Subject: RE: XACML Charter Scope
> >
> >
> > Given that I actually dreamt about this issue tonight and am now up
> thinking
> > about it (boy am I sick ;-), suffice it to say that I concur with Hal.
> >
> > I do think it should be possible to use existing protocols to query an
> XACML
> > repository and exchange messages. SAML should certainly play a role here.
> My
> > guess is XPath or XQuery might also.
> >
> > > -----Original Message-----
> > > From: Hal Lockhart [mailto:hal.lockhart@entegrity.com]
> > > Sent: Monday, May 21, 2001 12:48 PM
> > > To: 'xacml@lists.oasis-open.org'
> > > Subject: XACML Charter Scope
> > >
> > >
> > > I observed on the concall today that the proposed charter
> > > says the purpose
> > > "is to define a core schema and corresponding namespace." I
> > > said that this
> > > alone did not seem to me to be sufficient to allow interoperable
> > > implementations to be developed without some statement about
> > > how documents
> > > defined by this schema might be exchanged.
> > >
> > > On reflection, I concede that for some applications it would probably
> > > suffice to say that the document would be generated as a disk file and
> > > exchanged by any method of choice. However, it is possible that the TC
> > > wishes to go further. If XACML messages are intended to be
> > > associated with
> > > control of access to portions of XML documents, it seems it
> > > would be useful
> > > to describe how they would be contained in or bound to the
> > > document to which
> > > they refer. If XACML is to be used to provision an access
> > > control system,
> > > then a protocol for requesting and receiving messages might
> > > be useful.
> > >
> > > Increasing the scope in this way would in no way commit us to
> > > inventing
> > > these mechanisms from scratch. It would be sufficient to reference a
> > > suitable standard developed elsewhere.
> > >
> > > Hal
> > >
>



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Powered by eList eXpress LLC