OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: XACML 2.0 Hierarchical Resources, Draft 2.0

I have produced a new revision of the proposed XACML 2.0 sections
on Hierarchical Resources.  PDF and msword versions are attached.

The revision has the following significant changes:

1) Proposes a standard URI representation for hierarchical
   resources that are not XML documents.  This representation
   allows use of the anyURI-equal and anyURI-match functions
   where the path to a requested node is important.  This
   representation may be overridden by a resource-specific
   Profile.

   I am using Profile rather loosely.  It might be a formal XACML
   or industry Profile specification, or it might be a less
   formal agreement between policy writers and PEPs for use of a
   given type of resource.  We may want to provide a formal
   definition.  The important thing is that any resource must be
   represented in only one way, so that all policies intended to
   apply to that resource will apply.

   Note that an objection to this standard representation has
   been raised by Daniel, yet other members requested it and
   think it is important.  The TC will have to decide whether to
   include this representation or not.

2) Specifies that multiple "resource-id" Attributes SHALL be
   specified where there is more than one normative
   representation of the identity of the requested resource.
   Where multiple "resource-id" Attributes exist in a Request
   evaluated by the PDP, they SHALL all refer to the same
   resource (i.e. this is not a way to request multiple resources
   in a single PDP evaluation).

   This is actually not just a hierarchical resources issue.  If
   a given resource has more than one normative representation,
   then all such representations must be supplied if all policies
   intended to apply to the resource are to apply.

3) Continues to require "resource-ancestor" and "resource-parent"
   Attributes be available for both XML and non-XML resources.

4) References the anyURI-equal and anyURI-match functions for use
   with standard URI representations of hierarchical resource
   nodes.

Anne
-- 
Anne H. Anderson             Email: Anne.Anderson@Sun.COM
Sun Microsystems Laboratories
1 Network Drive,UBUR02-311     Tel: 781/442-0928
Burlington, MA 01803-0902 USA  Fax: 781/442-1692

XACML 2.0 Hierarchical Resources, Draft 2.0

XACML 2.0 Hierarchical Resources, Draft 2.0

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]