OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Subject: RE: [xacml] Comparing XACML with WS Policy framework


Title: Comparing ACME with WS Policy framework
Colleagues - A couple more observations:
 
1. Early in the XACML project we clarified that "combining" meant combining the "results" of policies or rules, rather than combining policies themselves.  It seems now that there is a need to combine policies and rules also.  I expect that it is only practical to combine isomorphic policies or rules.  This is why the WSS-QoP specification defined a rigid structure of services containing mechanisms, with an implied logic ("and" for services and "or" for mechanisms).
 
2. WSPF supports capabilities.  In this context "capabilities" means functions that a service "can", and "is willing", to perform, but that it is not "required" to perform.  The authors introduce an ad hoc logic system to express this.  XACML is also capable of expressing capabilities within its formal logic system.  This is best illustrated by an example:
 
<policyId = Policy1>
<or>
    <Capability1>
    <true>
</or>
 
This indicates that the target of the policy has the capability: Capability1.  It is of little interest to a PDP, which would always evaluate this expression to "true".  However, an algorithm that combines this policy with the policy:
 
<policyId = Policy2>
<or>
    <Capability1>
</or>
 
would create the definitive policy:
 
<policyId = Policy3>
<or>
    <Capability1>
</or>
 
which would be acceptable to the authors of both Policy1 and Policy2.
 
All the best.  Tim.
-----Original Message-----
From: Tim Moses [mailto:tim.moses@entrust.com]
Sent: Wednesday, January 29, 2003 4:16 PM
To: 'XACML'
Subject: [xacml] Comparing ACME with WS Policy framework

Colleagues - Here are some preliminary thoughts on the relationship between the OASIS standard XACML and the proprietary WS Policy framework.  I am interested in other people's views.  All the best.  Tim.

-----------------------------------------------------------------
Tim Moses
613.270.3183



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Powered by eList eXpress LLC