Subject: [xacml] policy committee work description
Dear colleagues,

fyi, below is the work description of the policy model subcommittee, which has already been uploaded on the subcommittee web page.

best
-p

-------------------------------------------------------------------

CHARTER OF THE POLICY SUBCOMMITTEE

The goal of the subcommittee is to define a framework for the specification and evaluation of access control rules. The framework needs to be flexible and expressive enough to support different access control policies that may need to be applied (and have been proposed or are used in different real-world scenarios).

Defining a framework means defining:

- a model: clearly describing the type of access control rules that can be expressed and their evaluation. The model need not be formal but the definition must be unambiguous.

- a language: for specifying access control rules. The language gives a syntax for expressing the rules whose semantics has been defined in the model.

The language will be XML-based, namely a policy will be represented as a valid XML document (each rule corresponding to a valid XML fragment). The XML schema used to validate policies and rules will contain type definitions for all entities composing the rules.

The framework will be flexible and expressive enough to accommodate different protection requirements and policies. It will be extensible, that is, it will be possible to define new types of entities by extending existing ones via well-defined procedures.

The language can be seen as three-layered:

1) core-layer gives the syntax of the rules
2) type-layer gives the data types allowed as entities inside rules
3) policy-layer defines the overall syntax of policies.

The subcommittee will release:

- the description of the model (not formal)
- the three-layered specification of the language
- examples of representing policies gathered through the available use-cases (interacting with the use case subcommittee).

The result of the subcommittee could be used, at the committee level, as a starting point for providing a reference implementation.