OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: [xacml] Explanation - Capability model

Title: Explanation - Capability model

Colleagues - A decision request contains (as a minimum) the subject, the resource and the action.  Job one for the PDP is to locate, retrieve and verify the policy appropriate to the decision request.  By "policy" I mean the complete set of rules that must be considered when formulating the decision.

We need a way of identifying policies, for two reasons.  Firstly, most mechanisms for locating and retrieving policy will be based on the policy's "name".  I am thinking of LDAP, "The Web", ODBC, etc..  In addition, for security reasons, the PDP must verify that it has retrieved the correct policy for the decision request.  So, it must be verifiable, by examining the policy and the decision request, that it is the right policy for the request.  One way (perhaps the best way) is to name the policies according to the situations to which they apply.  The PDP has to assure itself that the policy was issued by an authority (or authorities) that is (are) competent to set policy for the situation and that it has not been altered, and (furthermore) that the policy's name identifies it with some aspect of the decision request.

When policies are identified with the subject, the model is called a "capability" model.
When policies are identified with resource and action, the model is called an "access control" model.

At least in theory, policies could be identified with ancillary parameters (e.g. time of day).  But, this doesn't seem to be an especially helpful option.

In the capability model, policies are located and retrieved based on the subject's name, and in the access control model, policies are located and retrieved based on the name of the resource and action.

We'll have to decide whether to support both capability and access control models.  Personally, I would be quite happy to ignore the capability model.  Perhaps, the group could consider taking this position, and seeing if anyone complains.  If someone were to complain, then we would have to define a general model that accommodates both capability and access control approaches.

All the best.  Tim.
Tim Moses
Tel: 613.270.3183

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC