Subject: Re: [xacml] Rule References
On 6 June, bill parducci writes: Re: [xacml] Rule References

> what i think we need to consider is what XACML is defined to achieve. if
> it is simply a mechanism for the *interchange* of policy information then
> the integrity of the policy demands that all externally referenced
> information be fully disclosed at the time of transfer (excluding
> *static* references like specifications, standards, etc.) this then
> means that an additional mechanism for the full disclosure of external
> references must be defined or that the contents of these references
> be incorporated into the policy in expanded form.

Using XACML as a policy transfer language is only one of the functions it was defined to achieve. I see an even more important function to be allowing standard PDPs to be implemented, rather than requiring each application to implement its own policy evaluation engine.

During a transition period, I expect many products to use XACML primarily as a transfer language, which will be translated into their existing "native" policy language prior to evaluation. Use of XACML in this way, however, typically means that the XACML policies must be severely constrained, since it is hard to translate the expressive logic of unconstrained XACML policies into most existing application policy languages. Constraining the input XACML policies, however, means that the policy administration tools must support the constraints, meaning that "standard" policy administration tools can't be used.

I think the push over time will be for more products to use native XACML evaluation engines. I also expect that newer products will start out with a native XACML evaluation engine.

Anne
--
Anne H. Anderson               Email: Anne.Anderson@Sun.COM
Sun Microsystems Laboratories
1 Network Drive,UBUR02-311     Tel: 781/442-0928
Burlington, MA 01803-0902 USA  Fax: 781/442-1692