OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: Re: [xacml] [Model] Re: Composition Use Case

On Mon, 17 Dec 2001, Anne Anderson wrote:

> On 17 December, Polar Humenn writes: Re: [xacml] [Model] Re: Composition Use Case
>  > > I don't think the language syntax itself can handle the matching
>  > > rules for real-world sets of attributes.  I think the language
>  > > must have a way of pointing to executables for handling the
>  > > matching.
>  >
>  > And what assurance do you have that the executable does the right thing?
> The pointer to the executable should be supplied by the policy
> issuer, as a reflection of the issuer's intent.

What guarrantee does the policy issuer have that the executable will not
change at the time of issuance. More over, what assurance does the policy
evaluator have that the pointed to executable will not do something bad,
like creating a covert channel?

> The policy itself, which contains the pointer, must be signed.

Why? Cannot the policy be retrieved from a trusted source?

> The executable can be signed (either by the policy issuer or by a
> delegate), or the signed policy that contains the pointer could
> contain a hash of the executable.  There are certainly other ways.

By what method will the "executable" be signed? How can that "hash of the
executable" be interoperable, say if it's linked on a variety of different

And how does one retreive this executable should you not have one?


> Anne
> --
> Anne H. Anderson             Email: Anne.Anderson@Sun.COM
> Sun Microsystems Laboratories
> 1 Network Drive,UBUR02-311     Tel: 781/442-0928
> Burlington, MA 01803-0902 USA  Fax: 781/442-1692

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC