[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: Re: [xacml] Alternative to Michiharu's proposal. (fwd)
I can live with it too. Thanks, Polar. -Anne "bill parducci" <bill.parducci@overxeer.com> wrote: >Date: Wed, 09 Oct 2002 15:48:42 -0700 >you only need to choose between 'a XACML' and 'an XACML', other than that i can >live with it. :o) > >b > >Polar Humenn wrote: >> Opps, I noticed a couple nuances when it came back to me as well. I'm done >> for the day. A rewording based on Bill's suggestions: >> >> 7.1 Use Profile for XACML Request >> >! This section describes the use profile for using an XACML PDP in an >> application environment. This use profile covers the case of a PEP that is >> configured to make authorization queries to a single PDP. PEP to multiple >> PDP configurations are outside of the scope of this specification. >> >> An application functions in the role of the PEP if it guards access to a >> particular resource and asks the PDP for an access decision. The PEP that >> asks the PDP for an access decision SHALL abide by the result of that >> access decision in the following way: >> >> A PEP SHALL allow access to the particular resource ONLY IF a valid XACML >> response of "Permit" is returned by the PDP. The PEP SHALL deny access to >! the particular resource in all other cases. An XACML response of "Permit" >> SHALL be considered valid ONLY IF the PEP understands all of the >> obligations that may be contained in the response. >> >> A PEP that receives a valid XACML response of "Permit" with obligations >> SHALL be responsible for fulfilling all of those obligations. A PEP that >! receives a XACML response of "Deny" with obligations SHALL be responsible >> for fulfilling all of the obligations that it understands. >> >> --- >> >> Did I mess anything up? >> >> Cheers, >> -Polar > > >---------------------------------------------------------------- >To subscribe or unsubscribe from this elist use the subscription >manager: <http://lists.oasis-open.org/ob/adm.pl> Anne --------- Anne Anderson Anne.Anderson@Sun.COM Internet Security Research Group Sun Labs, Burlington, MA Phone: 781-442-0928
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC