Subject: RE: [xacml] XACML 2.0 Work Items
Does #2 imply that some schema for function declarations will be defined? One may need to "find" extension functions, but to validate policy before the evaluation such function type signature needs to be declared somehow.

Daniel.

-----Original Message-----
From: Anne Anderson [mailto:Anne.Anderson@Sun.com]
Sent: Thursday, July 31, 2003 1:01 PM
To: XACML TC
Subject: [xacml] XACML 2.0 Work Items

The Focus Group this morning identified potential XACML 2.0 work items. I took the liberty of adding a few more that I remembered while writing up these minutes.

We can change the status of various items (i.e. DROP or POSTPONE), and can add new ones, but we will not re-use any item numbers. If an item splits or becomes something different, we will create new items rather than change existing item numbers.

1. Grid Requirements

   Any XACML changes needed to satisfy Grid requirements

   STATUS: Abstract Work Item. As specific changes are identified, they will become individual work items with their own numbers, listed here.
   Current specific work items: #2, 3, 4.

2. Location Information

   Way to pass location information needed to evaluate a policy. Examples of such information are:

   o where to find various Attributes,
   o where Attribute Authorities to be used are located
   o where to find function, combining algorithm, data-type, Attribute parsing code

   Such information might be embedded in either of

   a. an XACML Request
   b. an XACML policy

   STATUS: potential work item.

3. Multiple Actions per Request

   Support Requests containing multiple Actions. Response could either say "All permitted/denied" or could include a separate decision for each.

   STATUS: potential work item.

4. Multiple Resources per Request

   Support Requests containing multiple Resources. Response could either say "All permitted/denied" or could include a separate decision for each.

   STATUS: potential work item.

5. Privacy Requirements

   Any XACML changes needed to satisfy Privacy requirements.

   STATUS: Abstract Work Item. As specific changes are identified, they will become individual work items with their own numbers, listed here.

6. Domain-specific identifiers

   Define a set of domain-specific identifiers based on application usage of XACML.

   STATUS: Postponed from 1.1.

7. ConditionReference

   Allow a Rule to contain a ConditionReference element as an alternative to a Condition element. The ConditionReference would identify a Condition element specified elsewhere. An optional ConditionId attribute would be added to the Condition element to support this.

   STATUS: Postponed from 1.1.
   PROPOSAL: http://lists.oasis-open.org/archives/xacml/200304/msg00039.html

8. RuleReference

   STATUS: Postponed from 1.1.
   PROPOSAL: http://lists.oasis-open.org/archives/xacml/200305/msg00004.html

9. Hierarchical entities

   How to express policies and requests that apply to a hierarchy of subjects, resources, or actions.

   STATUS: Postponed from 1.1.
   PROPOSALS:
   http://lists.oasis-open.org/archives/xacml/200304/msg00057.html
   http://lists.oasis-open.org/archives/xacml/200305/msg00009.html

10. Parameters for Combining Algorithms

    Support an element or attribute in a PolicySet, Policy, or Rule that provides parameters to be used by a Combining Algorithm that is combining the PolicySet, Policy, or Rule.

    STATUS: Postponed from 1.1.
    PROPOSAL: http://lists.oasis-open.org/archives/xacml/200305/msg00014.html

11. XACML Extension Points

    Define schema extension points for XACML. This work item might solve the requirements driving several other work items.

    STATUS: potential work item.

12. Environment Element in Target

    Allow the Target Element to include an Environment element, just as it now includes Subject, Resource, and Action elements.

    STATUS: Postponed from 1.1.
    PROPOSAL: http://lists.oasis-open.org/archives/xacml/200305/msg00012.html

13. Optional Target Elements

    Make Subjects, Resources, Actions elements optional in a Target. Missing element has same semantics as <Any.../>

    Make Target itself optional. Missing element has same semantics as a Target containing <AnySubject/>, <AnyResource/>, <AnyAction/>.

    STATUS: potential work item.

14. Signature envelope requirements

    Any new XACML work items to meet requirements for signature envelopes around an XACML schema instance, such as including an XACML Policy or Request in a signed SAML Assertion.

    STATUS: Abstract Work Item. As specific changes are identified, they will become individual work items with their own numbers, listed here.

15. Encrypted XACML schema instance requirements

    Any new XACML work items to meet requirements for encrypted XACML Policy or Context schema instances.

    STATUS: Abstract Work Item. As specific changes are identified, they will become individual work items with their own numbers, listed here.

16. XACML Policy in SAML Response Conditions

    Profile uses of XACML Policy instances as a syntax for specifying Conditions in a SAML Response.

17. XACML Policy in SAML Request Conditions

    Profile use of SAML Conditions element as a way for a PEP to pass an XACML Policy to be used by the PDP in evaluating the Request.

    STATUS: potential work item.

18. Obligations in Rules

    Allow Rule to contain Obligations.

    STATUS: postponed from 1.1
    PROPOSAL: http://lists.oasis-open.org/archives/xacml/200305/msg00011.html

19. Rule as lowest administrative unit

    Allow a Rule to be the lowest administrative unit for XACML. Probably required to support RuleReference.

    STATUS: potential work item.

20. Non-normative XACML interpretation guide

    Rationale, examples, possible implementation models; general information that would help XACML users know the intent of the XACML TC for the use of XACML elements.

    STATUS: potential work item. Probably parallel to XACML 2.0.

21. Non-normative XACML Primer

    Primer for XACML usage.

    STATUS: potential work item. Probably parallel to XACML 2.0.

Anne
--
Anne H. Anderson               Email: Anne.Anderson@Sun.COM
Sun Microsystems Laboratories
1 Network Drive,UBUR02-311     Tel: 781/442-0928
Burlington, MA 01803-0902 USA  Fax: 781/442-1692