OASIS Mailing List Archives

xacml message



Subject: Re: [xacml] question about splitting WSPL document


Hi Anne,

Anne Anderson wrote:

> Frank,
> 
> I have a question about your proposal to split the "merge
> algorithm" part of WSPL from the "bindings" part.
> 
> The merge algorithm makes use of the binding information:
> 
>   top-level <PolicySet/Target/Resources> element identifies
>      the WSDL 1.1 port
>   2nd-level <PolicySet/Target/Actions> element identifies the
>      WSDL 1.1 operation
>   2nd-level <PolicySet/Target/Resources> element identifies the
>      WSDL 1.1 message
>   <Policy/Target/Resources> element identifies the aspect of
>      policy
> 
> Policies are merged only where these are all coincident.
> 
> With the scope change, we will have only one "aspect" value
> (authorization/access control/entitlement).
> 
> We could define the merge algorithm such that it assumes the
> Target elements in the PolicySets and Policies are all
> coincident.  Is that what you mean?

My split proposal was based on the high-level observation that there may be many
more policies that have the property that they can be expressed in a similar
hierarchical-like manner as the port/operation/message. (CORBA and EJBs come to
mind).

Maybe by discussing different classes of these policies, one could deal first 
with the case where there is only a single resource-level objective, similar to 
only having policies apply to the port.
After that deal maybe with two resource-level objectives, one resource and an 
action-level objective, etc.

To be honest, I still have to get used to Tim's "xacml-combiner speak" and I'm
having a hard time understanding all the consequences and applicability. By
bringing it up one level in abstraction, it may also be easier to understand how
we map it to specific application bindings, like WSDL/port/operation-message.

My hope is that the upcoming F2F will allow us to drill down on some of these ideas.

Regards, Frank.


-- 
Frank Siebenlist               franks@mcs.anl.gov
The Globus Alliance - Argonne National Laboratory
