OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Subject: Re: [xacml] Alternative to Michiharu's proposal. (fwd)


I can live with it too.  Thanks, Polar.  -Anne

"bill parducci" <bill.parducci@overxeer.com> wrote:
>Date: Wed, 09 Oct 2002 15:48:42 -0700
>you only need to choose between 'a XACML' and 'an XACML', other than that i can
>live with it. :o)
>
>b
>
>Polar Humenn wrote:
>> Opps, I noticed a couple nuances when it came back to me as well. I'm done
>> for the day. A rewording based on Bill's suggestions:
>> 
>> 7.1 Use Profile for XACML Request
>> 
>! This section describes the use profile for using an XACML PDP in an
>> application environment. This use profile covers the case of a PEP that is
>> configured to make authorization queries to a single PDP. PEP to multiple
>> PDP configurations are outside of the scope of this specification.
>> 
>> An application functions in the role of the PEP if it guards access to a
>> particular resource and asks the PDP for an access decision. The PEP that
>> asks the PDP for an access decision SHALL abide by the result of that
>> access decision in the following way:
>> 
>> A PEP SHALL allow access to the particular resource ONLY IF a valid XACML
>> response of "Permit" is returned by the PDP. The PEP SHALL deny access to
>! the particular resource in all other cases. An XACML response of "Permit"
>> SHALL be considered valid ONLY IF the PEP understands all of the
>> obligations that may be contained in the response.
>> 
>> A PEP that receives a valid XACML response of "Permit" with obligations
>> SHALL be responsible for fulfilling all of those obligations. A PEP that
>! receives a XACML response of "Deny" with obligations SHALL be responsible
>> for fulfilling all of the obligations that it understands.
>> 
>> ---
>> 
>>  Did I mess anything up?
>> 
>> Cheers,
>> -Polar
>
>
>----------------------------------------------------------------
>To subscribe or unsubscribe from this elist use the subscription
>manager: <http://lists.oasis-open.org/ob/adm.pl>

Anne
---------
Anne Anderson                     Anne.Anderson@Sun.COM
Internet Security Research Group
Sun Labs, Burlington, MA          Phone: 781-442-0928



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Powered by eList eXpress LLC