OASIS Mailing List Archives

xacml message



Subject: [xacml] XACML Extensibility Points and J2SE requirements


[Disclaimer: none of the following represents a commitment by Sun
 or by the Java Community to implement XACML or, if implemented,
 to implement it in ways suggested below.  This is an individual
 contribution from Anne Anderson, attempting to ensure that the
 Java Community would be able to implement XACML for use with
 Java applications should a group desire to do so.]

In response to my action item from the Face-to-Face, I have
reviewed the "XACML extensibility points (non-normative)" section
of v0.15.doc to see if changes or additions are required to meet
J2SE requirements.

The current section needs to be re-written to fit the current
schema, but there are no specific changes required for J2SE.  The
current XACML schema and model are sufficient to implement J2SE
requirements.

Important extensibility points (that currently exist) from the
J2SE point of view are:

  FunctionId : since type is a QName, it is possible for a PDP to
     support additional non-normative functions that might be
     required to implement J2SE Permission "implies" semantics.

  AttributeId : since type is xs:anyURI, it is possible for a PDP
     to support additional non-normative attribute types.  Such
     additional attribute types will be required by any
     application domain such as J2SE to support attributes
     specific to its context.

  DataType : since type is xs:anyURI, it is possible for a PDP to
     support additional non-normative data types.  Such
     additional data types may be required by any application
     domain such as J2SE to support data specific to its context.
  
  Multiple subjects : since multiple subjects are supported in an
     XACML context, it is possible to associate different sets of
     attributes with each subject.  Included among the attribute
     identifiers for a context Subject is
     "urn:oasis:names:tc:xacml:1.0:subject:subject-category",
     with values of
     "urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"
     and "urn:oasis:names:tc:xacml:1.0:subject-category:codebase".
     These values support the current J2SE subject types, and
     allow for any future types that may be added.

Anne Anderson
-- 
Anne H. Anderson             Email: Anne.Anderson@Sun.COM
Sun Microsystems Laboratories
1 Network Drive,UBUR02-311     Tel: 781/442-0928
Burlington, MA 01803-0902 USA  Fax: 781/442-1692
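
The following is an added example, not part of the original message and not code from any XACML implementation. It shows how a PDP could group context attributes by the subject-category values named above and report AttributeId and DataType extension identifiers it has no handler for, so that they are rejected rather than silently ignored. The request layout is simplified and constructed, and the `urn:example:j2se:*` identifiers are hypothetical.

```python
import xml.etree.ElementTree as ET

XS = "http://www.w3.org/2001/XMLSchema#"
SUBJ = "urn:oasis:names:tc:xacml:1.0:subject:"
CAT = "urn:oasis:names:tc:xacml:1.0:subject-category:"
SUBJECT_CATEGORY = SUBJ + "subject-category"

# Constructed, simplified request context (no namespaces, not schema-valid).
# The urn:example:j2se:* identifiers are hypothetical extension identifiers.
SAMPLE = f"""<Request>
 <Subject>
  <Attribute AttributeId="{SUBJECT_CATEGORY}" DataType="{XS}anyURI">
   <AttributeValue>{CAT}access-subject</AttributeValue></Attribute>
  <Attribute AttributeId="{SUBJ}subject-id" DataType="{XS}string">
   <AttributeValue>alice</AttributeValue></Attribute>
 </Subject>
 <Subject>
  <Attribute AttributeId="{SUBJECT_CATEGORY}" DataType="{XS}anyURI">
   <AttributeValue>{CAT}codebase</AttributeValue></Attribute>
  <Attribute AttributeId="urn:example:j2se:codebase-url" DataType="urn:example:j2se:codesource">
   <AttributeValue>file:/opt/app/lib/plugin.jar</AttributeValue></Attribute>
 </Subject>
</Request>"""

def group_by_category(request_xml):
    """Return {subject-category: {AttributeId: (DataType, value)}}."""
    groups = {}
    for subject in ET.fromstring(request_xml).iter("Subject"):
        attrs = {a.get("AttributeId"): (a.get("DataType"),
                                        (a.findtext("AttributeValue") or "").strip())
                 for a in subject.iter("Attribute")}
        # Choice made for this example: a Subject must state its category.
        if SUBJECT_CATEGORY not in attrs:
            raise ValueError("Subject without subject-category attribute")
        category = attrs.pop(SUBJECT_CATEGORY)[1]
        groups.setdefault(category, {}).update(attrs)
    return groups

def unsupported(groups, known_attr_ids, known_data_types):
    """Identifiers this PDP has no handler for, as (category, kind, id)."""
    found = set()
    for category, attrs in groups.items():
        for attr_id, (data_type, _value) in attrs.items():
            if attr_id not in known_attr_ids:
                found.add((category, "AttributeId", attr_id))
            if data_type not in known_data_types:
                found.add((category, "DataType", data_type))
    return sorted(found)
```
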


