[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: XACML RBAC Profile Version 2.0, Draft 02
Attached is working draft 2 of the XACML RBAC Profile 2.0. The
following changes since the 1.0 Committee Draft Version are
included:
Draft 01
1. Add RECOMMENDed use of a specific AttributeId for role
attributes. DataType anyURI.
2. Examples brought up-to-date for XACML 2.0 (I think), and to
make use of the recommended AttributeId.
Draft 02
3. Add non-normative Scope section that describes what this
Profile does and does not do (it does NOT provide way to
answer the question "What roles does subject X have?")
4. Add non-normative discussion of how roles are obtained for use
with this Profile.
5. Add normative, but optional HasPrivilegesOfRole <Policy>, that
supports queries of the form "Does a given subject, whose
senior roles are known, have the privileges of some specific
role?"
6. Add normative "Identifiers" section that defines:
a. A URN to identify this Profile
b. A new optional SubjectCategory (role-enablement-authority)
c. Two specific, optional, AttributeIds for Action Attributes:
hasPrivilegesOfRole and enableRole.
7. Label Simon and Bill as GlueCode Software
8. Add Aleksey Studnev, Exigen Group, to the Acknowledgments
page, since his questions and suggestions led to the
HasPrivilegesOfRole policies and motivated the discussion of
how roles are obtained.
Anne
--
Anne H. Anderson Email: Anne.Anderson@Sun.COM
Sun Microsystems Laboratories
1 Network Drive,UBUR02-311 Tel: 781/442-0928
Burlington, MA 01803-0902 USA Fax: 781/442-1692
XACML RBAC Profile Version 2.0, Draft 02 (OpenOffice)
XACML RBAC Profile Version 2.0, Draft 02 (PDF)
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]