[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [xacml] WI#9 Proposal: policies referring to hierarchical resources
>In the model I am trying to support, the policy writer does not necessarily >know the resource structure, and it is not necessarily static. The policy >writer knows that "any file in Anne's home directory subtree is readable by >Anne", but does not know all the files that might be in that subtree at the >time someone (maybe Anne) makes a request to read one of those files. But in this example he needs to know that this files are in "Anne_home_directory" But what if the subresource is a shared component? For example you want to write a rule that applies to "profile" directory (and all of it content) in every users directory, not just in "Anne" - and you want the user specific policy to propagate on it as well. This is a very typical use case: dynamically deployed applications make use of a common resource. This binding is dynamic - policy writer does not know what applications will use a resource, or what resources an application will use. You want a resource specific policy + application specific policy to apply. If you use attribute-based resource hierarchy, it is quite possible to do. Daniel;
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]