Subject: RE: [xacml] Fundamental concepts in XACML
Hi Anne,
I agree; this is an excellent starter list (and John's early help here is greatly appreciated!).
I might add a couple of extra items:
- use of arbitrarily-specified, arbitrarily-complex, combining algorithms (e.g., "most recent takes precedence", or "policy from this issuer takes precedence", etc.; not just Boolean combinations)
- hierarchical policies, or "distributed policy writers" (i.e., not just combinations of rules, but also combinations of other policies are possible).
Carlisle.
----------
From: Anne Anderson[SMTP:Anne.Anderson@Sun.com]
Reply To: Anne.Anderson@Sun.com
Sent: Monday, June 17, 2002 10:53 AM
To: XACML TC
Subject: [xacml] Fundamental concepts in XACML
For our "background" section, I thought it would be helpful for
us to identify the fundamental concepts and mechanisms used in
XACML. We can then identify the earlier work that developed
those concepts and mechanisms.
Here is a starter list:
 - Describing access request in terms of:
     Subject -> Action -> Resource/Object
 - Request including attributes of Subject and Resource/Object
 - Policy based on attributes of Subject and Resource/Object
     o Attribute-based rules
     o Identity-based rules
 - Rule based access control
 - Access control language
 - Boolean operations on access rules
 - Obligations as part of rules
Any others? Any refinements to this list?
John Erickson, in e-mail to the Rights Language TC, listed some
early references to work on policies attached to resources. We
can make use of his list for some items, I'm sure.
http://lists.oasis-open.org/archives/rights/200206/msg00029.html
Anne
--
Anne H. Anderson Email: Anne.Anderson@Sun.COM
Sun Microsystems Laboratories
1 Network Drive,UBUR02-311 Tel: 781/442-0928
Burlington, MA 01803-0902 USA Fax: 781/442-1692
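
Added example, not part of the original e-mails or of the XACML specification: Python code modelling the two extra items in the reply, combining algorithms beyond Boolean combination ("most recent takes precedence", "policy from this issuer takes precedence") and policies that combine other policies from distributed writers. All class, function and policy names, the dates and the request are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Callable
# Constructed model; names are illustrative and not taken from the XACML schema.
PERMIT, DENY, NA = "Permit", "Deny", "NotApplicable"

@dataclass
class Rule:
    effect: str
    condition: Callable          # predicate over the request attributes
    obligations: tuple = ()
    def evaluate(self, req):
        return (self.effect, list(self.obligations)) if self.condition(req) else (NA, [])

@dataclass
class Policy:
    issuer: str
    issued: int                  # constructed issue date, YYYYMMDD
    children: list               # Rule objects or nested Policy objects
    combine: Callable            # combining algorithm, chosen per policy
    def evaluate(self, req):
        hits = [(c, d, o) for c in self.children for d, o in [c.evaluate(req)] if d != NA]
        return self.combine(hits) if hits else (NA, [])

def deny_overrides(hits):
    """Boolean-style combination: any Deny wins, otherwise Permit."""
    decision = DENY if any(d == DENY for _, d, _ in hits) else PERMIT
    return decision, [ob for _, d, obs in hits if d == decision for ob in obs]

def most_recent(hits):
    """The applicable child policy with the latest issue date decides."""
    _, d, obs = max(hits, key=lambda h: getattr(h[0], "issued", 0))
    return d, obs

def issuer_precedence(issuer):
    """The named issuer's applicable policy decides; otherwise deny-overrides."""
    def combine(hits):
        for c, d, obs in hits:
            if getattr(c, "issuer", None) == issuer:
                return d, obs
        return deny_overrides(hits)
    return combine

# Constructed policies from two distributed writers, and a constructed request.
is_doctor = lambda r: r["subject"].get("role") == "doctor"    # attribute-based rule
is_mallory = lambda r: r["subject"].get("id") == "mallory"    # identity-based rule
hr = Policy("hr", 20020610, [Rule(PERMIT, is_doctor, ("log-access",))], deny_overrides)
sec = Policy("security", 20020301, [Rule(DENY, is_mallory, ("notify-admin",))], deny_overrides)
REQ = {"subject": {"id": "mallory", "role": "doctor"}, "action": "read", "resource": "record-17"}
def decide(combine, req):
    return Policy("root", 20020617, [hr, sec], combine).evaluate(req)
```

The same request against the same two child policies yields Deny under `deny_overrides` and `issuer_precedence("security")` but Permit under `most_recent`, so the combining algorithm is as much a part of the policy as the rules are.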