[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [xacml] XACML 2.0 Work Items
#2 does not imply this. It would probably be needed if we are to find parsing code for new FunctionIds, however, so I will add it as a new work item tied to #2. Anne On 31 July, Daniel Engovatov writes: RE: [xacml] XACML 2.0 Work Items > From: "Daniel Engovatov" <dengovatov@bea.com> > To: "XACML TC" <xacml@lists.oasis-open.org> > Subject: RE: [xacml] XACML 2.0 Work Items > Date: Thu, 31 Jul 2003 15:38:49 -0700 > > Does #2 imply that some schema for functions declarations will be > defined? > One may need to "find" extension functions, but to validate policy > before the evaluation such function type signature needs to be declared > somehow. > > Daniel. > > > -----Original Message----- > From: Anne Anderson [mailto:Anne.Anderson@Sun.com] > Sent: Thursday, July 31, 2003 1:01 PM > To: XACML TC > Subject: [xacml] XACML 2.0 Work Items > > The Focus Group this morning identified potential XACML 2.0 work > items. I took the liberty of adding a few more that I remembered > while writing up these minutes. > > We can change the status of various items (i.e. DROP or > POSTPONE), and can add new ones, but we will not re-use any item > numbers. If an item splits or becomes something different, we > will create new items rather than change existing item numbers. > > 1. Grid Requirements > > Any XACML changes needed to satisfy Grid requirements > > STATUS: Abstract Work Item. As specific changes are > identified, they will become individual work items with > their own numbers, listed here. > Current specific work items: #2, 3, 4. > > 2. Location Information > > Way to pass location information needed to evaluate a policy. > Examples of such information are: > o where to find various Attributes, > o where Attribute Authorities to be used are located > o where to find function, combining algorithm, data-type, > Attribute parsing code > Such information might be embedded in either of > a. an XACML Request > b. an XACML policy > > STATUS: potential work item. > > 3. Multiple Actions per Request > > Support Requests containing multiple Actions. Response could > either say "All permitted/denied" or could include a separate > decision for each. > > STATUS: potential work item. > > 4. Multiple Resources per Request > > Support Requests containing multiple Resources. Response > could either say "All permitted/denied" or could include a > separate decision for each. > > STATUS: potential work item. > > 5. Privacy Requirements > > Any XACML changes needed to satisfy Privacy requirements. > > STATUS: Abstract Work Item. As specific changes are > identified, they will become individual work items with > their own numbers, listed here. > > 6. Domain-specific identifiers > > Define a set of domain-specific identifiers based on > application usage of XACML. > > STATUS: Postponed from 1.1. > > 7. ConditionReference > > Allow a Rule to contain a ConditionReference element as an > alternative to a Condition element. The ConditionReference > would identify a Condition element specified elsewhere. An > optional ConditionId attribute would be added to the Condition > element to support this. > > STATUS: Postponed from 1.1. > PROPOSAL: > http://lists.oasis-open.org/archives/xacml/200304/msg00039.html > > 8. RuleReference > > STATUS: Postponed from 1.1. > PROPOSAL: > http://lists.oasis-open.org/archives/xacml/200305/msg00004.html > > 9. Hierarchical entities > > How to express policies and requests that apply to a hierarchy > of subjects, resources, or actions. > > STATUS: Postponed from 1.1. > PROPOSALS: > http://lists.oasis-open.org/archives/xacml/200304/msg00057.html > http://lists.oasis-open.org/archives/xacml/200305/msg00009.html > > 10. Parameters for Combining Algorithms > > Support an element or attribute in a PolicySet, Policy, or Rule > that provides parameters to be used by a Combining Algorithm > that is combining the PolicySet, Policy, or Rule. > > STATUS: Postponed from 1.1. > PROPOSAL: > http://lists.oasis-open.org/archives/xacml/200305/msg00014.html > > 11. XACML Extension Points > > Define schema extension points for XACML. This work item > might solve the requirements driving several other work > items. > > STATUS: potential work item. > > 12. Environment Element in Target > > Allow the Target Element to include an Environment element, > just as it now includes Subject, Resource, and Action > elements. > > STATUS: Postponed from 1.1. > PROPOSAL: > http://lists.oasis-open.org/archives/xacml/200305/msg00012.html > > 13. Optional Target Elements > > Make Subjects, Resources, Actions elements optional in a > Target. Missing element has same semantics as <Any.../> > Make Target itself optional. Missing element has same > semantics as a Target containing <AnySubject/>, > <AnyResource/>, <AnyAction/>. > > STATUS: potential work item. > > 14. Signature envelope requirements > > Any new XACML work items to meet requirements for signature > envelopes around an XACML schema instance, such as including > an XACML Policy or Request in a signed SAML Assertion. > > STATUS: Abstract Work Item. As specific changes are > identified, they will become individual work items with > their own numbers, listed here. > > 15. Encrypted XACML schema instance requirements > > Any new XACML work items to meet requirements for encrypted > XACML Policy or Context schema instances. > > STATUS: Abstract Work Item. As specific changes are > identified, they will become individual work items with > their own numbers, listed here. > > 16. XACML Policy in SAML Response Conditions > > Profile uses of XACML Policy instances as a syntax for > specifying Conditions in a SAML Response. > > 17. XACML Policy in SAML Request Conditions > > Profile use of SAML Conditions element as a way for a PEP to > pass an XACML Policy to be used by the PDP in evaluating the > Request. > > STATUS: potential work item. > > 18. Obligations in Rules > > Allow Rule to contain Obligations. > > STATUS: postponed from 1.1 > PROPOSAL: > http://lists.oasis-open.org/archives/xacml/200305/msg00011.html > > 19. Rule as lowest administrative unit > > Allow a Rule to be the lowest administrative unit for XACML. > Probably required to support RuleReference. > > STATUS: potential work item. > > 20. Non-normative XACML interpretation guide > > Rationale, examples, possible implementation models; general > information that would help XACML users know the intent of the > XACML TC for the use of XACML elements. > > STATUS: potential work item. Probably parallel to XACML 2.0. > > 21. Non-normative XACML Primer > > Primer for XACML usage. > > STATUS: potential work item. Probably parallel to XACML 2.0. > > Anne > -- > Anne H. Anderson Email: Anne.Anderson@Sun.COM > Sun Microsystems Laboratories > 1 Network Drive,UBUR02-311 Tel: 781/442-0928 > Burlington, MA 01803-0902 USA Fax: 781/442-1692 > > *************************************** > SunNetwork 2003 Conference and Pavilion > "An unparalleled event in network computing! Make the net work for you!" > > WHEN: September 16-18, 2003 > WHERE: Moscone Center, San Francisco > > For more information or to register for the conference, please visit: > http://www.sun.com/sunnetwork > > > You may leave a Technical Committee at any time by visiting > http://www.oasis-open.org/apps/org/workgroup/xacml/members/leave_workgro > up.php > > > You may leave a Technical Committee at any time by visiting http://www.oasis-open.org/apps/org/workgroup/xacml/members/leave_workgroup.php > > -- Anne H. Anderson Email: Anne.Anderson@Sun.COM Sun Microsystems Laboratories 1 Network Drive,UBUR02-311 Tel: 781/442-0928 Burlington, MA 01803-0902 USA Fax: 781/442-1692 *************************************** SunNetwork 2003 Conference and Pavilion "An unparalleled event in network computing! Make the net work for you!" WHEN: September 16-18, 2003 WHERE: Moscone Center, San Francisco For more information or to register for the conference, please visit: http://www.sun.com/sunnetwork
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]