OASIS Mailing List Archives

xacml message


Subject: Re: [xacml] Comments on xacml-profile-hierarchical-resources draft

Anne Anderson wrote:

> A subject wants to view a given hospital patient record, which is
> an XML document file.  The policy is that subjects can view
> patient records only if they are in role "hospital administrator"
> or if their "subject-id" matches the <attending physician> or
> <patient name> values in the patient record.
> The system does not want to have to ask about each node in the
> record, because its policy is either to give access to the entire
> document or not at all.
> I think this is a realistic use case.

how does the system 'not ask about each node', yet evaluate them 
individually? i assume the assumption is that there is a deny-override 
mechanism that allows the system to discontinue evaluation once it hits 
a deny on a component? (in that case the schema designer had better put 
the sensitive stuff first! ;o)

also, it would seem that the additional administrative burden (element 
level security access rules) would warrant a level of protection that is 
equally as granular? i dunno, it just seems like a stretch to me because 
my experience is that 'all or nothing' access control is generally 
associated with 'all or nothing' access control policy. ('hospital 
administrator' can see doc, 'bill' can't).
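
The use case quoted above, read as a single document-level decision (an added example, not part of the original message or of the XACML profile): the rule reads only the two named values from the record and returns one Permit or Deny for the whole document. The element names, the sample record and the function names are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample record. Element names are assumptions standing in for
# the <attending physician> and <patient name> values named in the thread.
RECORD = """<record>
  <patient-name>alice</patient-name>
  <attending-physician>dr-bob</attending-physician>
  <diagnosis>constructed sample text</diagnosis>
  <billing><insurer>constructed insurer</insurer></billing>
</record>"""

# The only nodes the rule has to read from the resource content.
SELECTORS = ("./attending-physician", "./patient-name")


def decide_document(subject_id, roles, record_xml):
    """Return (decision, nodes consulted) for the record as a whole."""
    if "hospital administrator" in roles:
        return "Permit", []            # role alone suffices; content is not read
    root = ET.fromstring(record_xml)
    consulted = []
    for path in SELECTORS:
        consulted.append(path)
        node = root.find(path)
        if node is not None and (node.text or "").strip() == subject_id:
            return "Permit", consulted
    return "Deny", consulted           # fail closed: no match, no access


def count_nodes(record_xml):
    """Element nodes a one-request-per-node model would have to ask about."""
    return sum(1 for _ in ET.fromstring(record_xml).iter())


if __name__ == "__main__":
    for who, roles in (("carol", ["hospital administrator"]),
                       ("dr-bob", []), ("alice", []), ("bill", [])):
        print(who, decide_document(who, roles, RECORD))
    print("nodes in record:", count_nodes(RECORD))
```

The decision depends on at most two values regardless of how many nodes the record contains, so the order in which the schema lists its elements does not affect the outcome.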

