OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [xacml] Managing with XACML

Tim,

I read over your paper, and find it interesting - it is pretty
much what I have described to people as a "hack" if they want to
do this type of thing with XACML.

A component your paper does not describe is "state": ECA policies
often seem to use "state".  Part of the solution is simple: the
Management Profile or Extension could require that the PDP return
an Attribute containing the new state among the Obligations, and
could require that the PEP pass in the most recently returned
state Attribute with the next request.  One issue, however, is
that, since Rules in multiple policies may be triggered, more
than one "state" Attribute might be returned: how could this be
managed theoretically and practically?  Another issue with state
is what the state is associated with: is it a session that is
maintained by the PEP, or is it an overall state maintained by
the PDP?

While I think this would be useful work, I doubt I would have
much time to devote to it.  If my role was merely to comment on a
specification developed by someone else, I would be happy to do
that.  There may be other people at Sun who would be interested
in this, however, so I will ask around.

I want to have someone here who deals more with ECA policies to
look it over and comment on other issues that might need to be
considered.

Anne

On 9 September, Tim Moses writes: [xacml] Managing with XACML
 > From: Tim Moses <tim.moses@entrust.com>
 > To: 'XACML' <xacml@lists.oasis-open.org>
 > Subject: [xacml] Managing with XACML
 > Date: Thu, 09 Sep 2004 10:27:36 -0400
 > 
 > Colleagues - Attached is a short paper containing some ideas on adapting
 > XACML for expressing management-style policies.  Honestly, it really IS
 > short.  I would like to hear other peoples' views on the approach and
 > whether there is interest amongst the members in taking this work on.
 > 
 > All the best.  Tim.
 > 
 > -----------------------------------------------------------------
 > Tim Moses
 > 613.270.3183
 > 
 > To unsubscribe from this mailing list (and be removed from the roster of the OASIS TC), go to http://www.oasis-open.org/apps/org/workgroup/xacml/members/leave_workgroup.php.

-- 
Anne H. Anderson             Email: Anne.Anderson@Sun.COM
Sun Microsystems Laboratories
1 Network Drive,UBUR02-311     Tel: 781/442-0928
Burlington, MA 01803-0902 USA  Fax: 781/442-1692

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]