OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: RE: Tickets ?

see embedded

> -----Original Message-----
> From: Andersen, Jens Jakob [mailto:Jens.Andersen@softwareag.com]
> Sent: Wednesday, May 30, 2001 1:51 AM
> To: 'xacml@lists.oasis-open.org'
> Subject: Tickets ?
> Having thought over the XACML issue, and the connected areas, 
> mixed with my
> experience in consulting for implementation of "Profile Based 
> User Rights
> Adminstration Systems", as well as being practical, I jump to 
> some issues:
> 1. How will XACML information be provided ?
> - Initially (LDAP ?) and for later use (Kerberos tickets ?)

Don't know yet

> 2. If XACML is added as a header to the XML document it is 
> meant to protect,
> this will only work with XACML aware software. E.g Notepad or 
> VI will just
> read the text document, and reveal all of it to the reader.

Based on work to date, it is not likely to be a header.

> 3. This one is ouch, and I hope that we all will say NO: 
> Should XACML be
> coupled together with encryption of document content ?

I would say yes in that it should be able to specify what can be transmitted
encyrpted and what can be sent in the clear. Additionally, encryption may be
necessary to support fine grained control of nested XML fragments, i.e. the
only way to disallow some content viewing but allow other content viewing is
via encryption or physically modifying the file before transmission.

> JJ
> ------------------------------------------------------------------
> To unsubscribe from this elist send a message with the single word
> "unsubscribe" in the body to: xacml-request@lists.oasis-open.org

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC