OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: Re: XACML Charter Scope

I agree with Ernest, that XPath/XSLT is one of proper standards for
retrieving some parts of XACML policy specification from repository,
while in our access control language for XML (XACL), we did not use
XPath for extracting parts of policy specification. We used a table
representation that binds target resource name to a relevant XML
policy file. As Hal wrote that "it seems it would be useful to describe
how they would be contained in or bound to the document to which
they refer." I think it would be useful to create use cases of how
XACML policy is contained in the target document (it seems to be an
annotation to the target document, say "embedded policy"). Another
case is just mentioned above, that is "detached policy".

Michiharu Kudo
Internet Technology              TEL +81-46-215-4642
Tokyo Research Laboratory    FAX +81-46-273-7428
IBM Japan Ltd.                      Internet: kudo@jp.ibm.com

From: ernesto damiani <edamiani@crema.unimi.it> on 2001/05/24 19:09

Please respond to ernesto damiani <edamiani@crema.unimi.it>

To:   "Simon Y. Blackwell" <sblackwell@psoom.com>,
Subject:  Re: XACML Charter Scope

I agree, especially when you say that we do not need to reinvent the
Having worked a lot on XML query languages in the last couple of years (I
even was at the first W3C workshop on this subject ;-), interested people
may take a look at http://xerox.elet.polimi.it) my personal opinion is that
XQuery gives you a lot of expressive power.. and, at least for now,  lots
trouble we do not need.
There is a standard, robust, well-understood mechanism to refer to portions
of XML data, and it is XPath (BTW, as you know most of the academic
proposals towards access control languages for XML, including our own,
exploit this mechanism for identifying objects).
XSLT is based on XPath, and it seems very reasonable XSLT/XPath to be used
to extract and process parts of an XACML policies' repository.
Needless to say I do NOT think we should get involved with any lower level
issue such as serialization etc.: our XACML info may travel inside a HTTP
packet, be stored on disk as a XML text file or serialized using any other
Comments welcome...


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC