Subject: RE: XACML TC Charter Revision - Strawman
I agree with Marlena: keep the term 'subject' to refer to the principal regardless of whether it be one principal or a set of principals. So for example an XACML <Role> could be a principal, indicating that anyone with the specified Role had the specified relationship to the <Object>.

It is essential to differentiate the occurrence of a <role> in the <subject> and the occurrence of a <role> in the <object>.

A particular assertion might even have roles in both locations, 'anyone with the X Role also has the Y role' - very useful for mapping external roles and attributes onto locally defined roles.

Phill

Phillip Hallam-Baker FBCS C.Eng.
Principal Scientist
VeriSign Inc.
pbaker@verisign.com
781 245 6996 x227

> -----Original Message-----
> From: Marlena Erdos [mailto:marlena@us.ibm.com]
> Sent: Thursday, May 31, 2001 1:41 AM
> To: 'xacml@lists.oasis-open.org'
> Subject: RE: XACML TC Charter Revision - Strawman
>
> >Policy Target
> >The target of a policy (hereafter referred to as "subject") can be any
> >object that can be referenced in XML.
>
> In my experience, the term "subject" would more usually
> refer to the principal requesting access to a resource.
>
> I can't tell for sure if XACML policies are exclusively
> resource-centric (a list of principals/groups/roles that
> have access to a given resource) or also encompass
> principal-centric policies (i.e. a list of the resources
> a given principal has access to).
> Or maybe we want to be able to express both.
>
> However, I don't think "subject" is appropriate when
> talking about the target for resource-centric policies.
> (It would be OK for principal-centric ones.)
>
> Instead of "subject", why don't we just use "target"?
> I think that covers both the principal-centric case and
> the resource-centric one fairly nicely.
>
> Regards,
> Marlena Erdos
> IBM/Tivoli