
xacml message


Subject: XACML RBAC Profile Version 2.0, Draft 02

Attached is working draft 2 of the XACML RBAC Profile 2.0.  The
following changes since the 1.0 Committee Draft Version are

Draft 01
1. Add RECOMMENDed use of a specific AttributeId for role
   attributes. DataType anyURI.
2. Examples brought up-to-date for XACML 2.0 (I think), and to
   make use of the recommended AttributeId.

Draft 02
3. Add non-normative Scope section that describes what this
   Profile does and does not do (it does NOT provide a way to
   answer the question "What roles does subject X have?")
4. Add non-normative discussion of how roles are obtained for use
   with this Profile.
5. Add normative, but optional HasPrivilegesOfRole <Policy>, that
   supports queries of the form "Does a given subject, whose
   senior roles are known, have the privileges of some specific
6. Add normative "Identifiers" section that defines:
   a. A URN to identify this Profile
   b. A new optional SubjectCategory (role-enablement-authority)
   c. Two specific, optional, AttributeIds for Action Attributes:
      hasPrivilegesOfRole and enableRole.
7. Label Simon and Bill as GlueCode Software
8. Add Aleksey Studnev, Exigen Group, to the Acknowledgments
   page, since his questions and suggestions led to the
   HasPrivilegesOfRole policies and motivated the discussion of
   how roles are obtained.

Anne H. Anderson             Email: Anne.Anderson@Sun.COM
Sun Microsystems Laboratories
1 Network Drive,UBUR02-311     Tel: 781/442-0928
Burlington, MA 01803-0902 USA  Fax: 781/442-1692

XACML RBAC Profile Version 2.0, Draft 02 (OpenOffice)

XACML RBAC Profile Version 2.0, Draft 02 (PDF)
