OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Re: [xacml] Action implication and propagation in XACML



> Now I
> assume that the PDP supports one more new value
for "scope" attribute:
> "Ascendants".

You know, I was toying with this idea too. :)

It certainly would solve the particular use case
that we're looking at right now (a tree-based
resource model).The problem is that, as you pointed
out, it will only solve the case of some particular
model, so we might have to come up with other scopes
or just decide there are only certain supported
models. Of course, it's a slippery slope to changing
the scope attribute to be an xs:anyURI and then
letting that have much of the functionality we were
looking for with implicit checks. Gah. I can't
believe I even brought up that issue...

Bottom line, I'm kinda ambivalent on the Ascendants
issue. What do other people think?


seth



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]