OASIS Mailing List Archives



xacml message


Subject: [xacml] policy committee work description

Dear colleagues,

FYI, below is the work description of the policy model subcommittee,
which has already been uploaded on the subcommittee web page.




The goal of the subcommittee is to define a framework for the
specification and evaluation of access control rules.

The framework needs to be flexible and expressive enough to support
different access control policies that may need to be applied (and
have been proposed or are used in different real-world scenarios).

Defining a framework means to define:

- a model: clearly describing the type of access control rules that
can be expressed and their evaluation.  The model need not be formal
but the definition must be unambiguous.

- a language: for specifying access control rules. The language gives
a syntax for expressing the rules whose semantics has been defined in
the model. The language will be XML-based, namely a policy will be
represented as a valid XML document (each rule corresponding to a
valid XML fragment).  The XML schema used to validate policies and
rules will contain type definitions for all entities composing the

The framework will be flexible and expressive enough to accommodate
different protection requirements and policies. It will be extensible,
that is, it will be possible to define new types of entities by
extending existing ones via well-defined procedures.

The language can be seen as three-layered:
1) core-layer gives the syntax of the rules
2) type-layer gives the data types allowed as entities inside rules
3) policy-layer defines the overall syntax of policies.

The subcommittee will release:

- the description of the model (not formal)
- the three-layered specification of the language
- examples of representing policies gathered through the available
  use-cases (interacting with the use case subcommittee).

The result of the subcommittee could be used, at the committee level,
as a starting point for providing a reference implementation.
