OASIS Mailing List Archives

xacml message



Subject: [xacml] A proposal for Context



I have a small proposal on Simon's context.

1. We do not call the "subject" of the AuthorizationQuery the "Requestor".

The "subject" of the authorization query is merely the subject; it is
not really requesting anything. I don't really hold to the idea
that the subject is always "requesting access".

I'd rather see the subject of the request be a structured principal, at
first, just one level, but later be able to be extended for more complex
principals.

<x:Principal>
	<x:NameIdentifier>....</x:NameIdentifier>
</x:Principal>

<x:SimplePrincipal>
	<x:NameIdentifier>....</x:NameIdentifier>
	<x:AlternateNames>
	   <x:NameIdentifier>...</x:NameIdentifier>
	</x:AlternateNames>
</x:SimplePrincipal>


and later on extend Principal to be Complex Principal, such as

<x:ForPrincipal>
   <x:Speaking>
      <x:SimplePrincipal>....</x:SimplePrincipal>
   </x:Speaking>
   <x:SpeakingFor>
      <x:SimplePrincipal>....</x:SimplePrincipal>
   </x:SpeakingFor>
</x:ForPrincipal>

Cheers,
-Polar


