[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [xacml] Comment on hierarchical Resource
>> - 7.13.2 resource-ancestor and resource-parent >> >> Resource-ancestor and resource-parent will not be used in the case of XML >> document. >Why not? >It seems straightforward to implement, would need to be >calculated only if the policy actually uses one of these >Attributes, and would allow XACML implementations that do not >support XPath expressions to express some useful policies with >respect to XML documents. Indeed. It would be convenient to have a clearly separable Xpath component in a system that interoperates nicely with the base XACML engine. P.S. On a related noted - the longer I look at this, the more I am convinced that we really need to split XACML into two "sister" standards, or documents - specification for protecting XML documents with Xpath based context definition, and for attribute based context. Work for 3.0? Mixing these two context definitions, sometimes within the same sentence, is getting uglier every day. Daniel.
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]