OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Subject: RE: [xacml] Agenda for November 15 Telecon...


Hi

as mentioned in the concall today al the last policy committee
call we discussed the issue of positive (meaning permissions; e.g.,
"this principal can access this resource") and negative authorizations
(meaning denials: "this principal cannot access this resources").
While it is true that you cannot do with permissions alone (many cases
call for more flexibility), it is also true that having denials
complicates the framework (mostly also since when you start having denials
you start thinking of the different semantics that they can carry - and
that who specified the rule may have intended).

i had proposed an alternative solution inspired by a recent work, which
goes as follows. Distinguish two kinds of rules:

1) the ones that specify sufficient conditions (which are the permissions
above)

2) the ones that specify necessary conditions.

instead of repeating descriptions and examples here, i am attaching you a
file of that work where the two forms of rules are introduced (Section
4.2). Of course our language is different as more expressive; but that
gives the idea.

only one thing, what i call "subject"
there is our "principal", what i call "object" is our "resource"

pls just send me email (or post the group) for any clarification that may
be needed, and any comments.

best
-p

> Subject: Re: [xacml] Agenda for November 15 Telecon...
>
>
> Hi
>
> we (milan) are having problem joining the call, a voice says "code is not
> valid". anyone else is having this problem?
>
> -p
>
> On Wed, 14 Nov 2001, Carlisle Adams
> wrote:
>
> > Date:  Thursday, November 15, 2001
> > Time: 10:00 AM EST
> >
> > Tel: 512-225-3050 Access Code: 65998
> >
> > Proposed Agenda:
> >
> > 10:00-10:10 Roll Call and Agenda Review
> > 10:10-10:15 Vote to accept minutes of November 1 meeting
> > http://lists.oasis-open.org/archives/xacml/200111/msg00003.html
> > 10:15-10:20 Administrative Items (e-mail voting; non-TC member access to
> > mail list)
> > 10:20-10:25 Discussion of Policy Model work description
> > http://www.oasis-open.org/committees/xacml/sc-model.shtml
> > 10:25-10:35 Report of Policy Model Sub-Committee
> > 10:35-10:40 Report of other sub-committees (conformance, IP, security &
> > privacy considerations)
> > 10:40-10:50 Discussion of next Face-to-Face (U.S. West coast, sometime in
> > January)
> > 10:50-11:00 Discussion of proposed Schedule and Milestones (in particular,
> > draft spec by Dec. 1)
> >
> > Carlisle.
> >
> >
>
>
> ----------------------------------------------------------------
> To subscribe or unsubscribe from this elist use the subscription
> manager: <http://lists.oasis-open.org/ob/adm.pl>
>

sec2001.ps



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Powered by eList eXpress LLC