[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: [xacml] Proposed resolution to PM-1-01: Negative Authorizations
I would like to propose resolutions as follows: ISSUE: PM-1-01: Negative Authorizations Resolution: XACML allows policy writers to specify positive (permit) or negative (deny) authorization. The negative authorization is specified using the effect element with "deny" in the rule with corresponding rule set combiner such as "meta-policy-1" meaning the global-deny semantics. Using the rule combiner (XACML extension point), the semantics of the negative authorization varies depending on the user-defined rule combiner. PM-1-01-A discusses about the global-deny semantics. Michiharu Kudo IBM Tokyo Research Laboratory, Internet Technology Tel. +81 (46) 215-4642 Fax +81 (46) 273-7428
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC