Subject: [xacml] Proposed resolution to PM-1-01: Negative Authorizations


I would like to propose resolutions as follows:

ISSUE: PM-1-01: Negative Authorizations

Resolution:
XACML allows policy writers to specify positive (permit) or negative (deny)
authorization. The negative authorization is specified using the effect
element with "deny" in the rule with a corresponding rule set combiner such
as "meta-policy-1", meaning the global-deny semantics. Using the rule
combiner (XACML extension point), the semantics of the negative
authorization varies depending on the user-defined rule combiner. PM-1-01-A
discusses the global-deny semantics.

Michiharu Kudo

IBM Tokyo Research Laboratory, Internet Technology
Tel. +81 (46) 215-4642   Fax +81 (46) 273-7428
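
An added illustration of the resolution above, not part of the original message or of any XACML draft: the same deny rule evaluated under two rule combiners. It assumes "global-deny" means that one applicable deny rule overrides any permit (the behaviour later XACML versions call deny-overrides); the `Rule` model, the `first_applicable` combiner and the sample rules are constructed for the example.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List

Request = Dict[str, str]

@dataclass
class Rule:
    effect: str                         # "permit" or "deny", as in the rule's effect element
    applies: Callable[[Request], bool]  # simplified stand-in for the rule's target/condition

def evaluate(rule: Rule, request: Request) -> str:
    """A rule yields its effect when it applies, otherwise 'not-applicable'."""
    return rule.effect if rule.applies(request) else "not-applicable"

def global_deny(rules: List[Rule], request: Request) -> str:
    """Assumed global-deny semantics: any applicable deny rule wins over every permit."""
    results = [evaluate(r, request) for r in rules]
    if "deny" in results:
        return "deny"
    return "permit" if "permit" in results else "not-applicable"

def first_applicable(rules: List[Rule], request: Request) -> str:
    """Hypothetical user-defined combiner: the first applicable rule decides."""
    for r in rules:
        result = evaluate(r, request)
        if result != "not-applicable":
            return result
    return "not-applicable"

# Constructed rule set: employees may read records; contractors are denied salary records.
RULES = [
    Rule("permit", lambda q: q.get("role") in ("staff", "contractor")
                             and q.get("action") == "read"),
    Rule("deny", lambda q: q.get("role") == "contractor"
                           and q.get("resource") == "salary"),
]

if __name__ == "__main__":
    contractor = {"role": "contractor", "action": "read", "resource": "salary"}
    # Same negative rule, different outcome depending on the combiner in force.
    print("global-deny:     ", global_deny(RULES, contractor))
    print("first-applicable:", first_applicable(RULES, contractor))
```

Under the order-dependent combiner the deny rule only takes effect if it is listed before the broader permit, which is the kind of variation in negative-authorization semantics the resolution describes.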



