[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: XACML RBAC Profile Version 2.0, Draft 02
Attached is working draft 2 of the XACML RBAC Profile 2.0. The following changes since the 1.0 Committee Draft Version are included: Draft 01 1. Add RECOMMENDed use of a specific AttributeId for role attributes. DataType anyURI. 2. Examples brought up-to-date for XACML 2.0 (I think), and to make use of the recommended AttributeId. Draft 02 3. Add non-normative Scope section that describes what this Profile does and does not do (it does NOT provide way to answer the question "What roles does subject X have?") 4. Add non-normative discussion of how roles are obtained for use with this Profile. 5. Add normative, but optional HasPrivilegesOfRole <Policy>, that supports queries of the form "Does a given subject, whose senior roles are known, have the privileges of some specific role?" 6. Add normative "Identifiers" section that defines: a. A URN to identify this Profile b. A new optional SubjectCategory (role-enablement-authority) c. Two specific, optional, AttributeIds for Action Attributes: hasPrivilegesOfRole and enableRole. 7. Label Simon and Bill as GlueCode Software 8. Add Aleksey Studnev, Exigen Group, to the Acknowledgments page, since his questions and suggestions led to the HasPrivilegesOfRole policies and motivated the discussion of how roles are obtained. Anne -- Anne H. Anderson Email: Anne.Anderson@Sun.COM Sun Microsystems Laboratories 1 Network Drive,UBUR02-311 Tel: 781/442-0928 Burlington, MA 01803-0902 USA Fax: 781/442-1692
XACML RBAC Profile Version 2.0, Draft 02 (OpenOffice)
XACML RBAC Profile Version 2.0, Draft 02 (PDF)
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]