OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [xacml] New Issue - XACML TC Description

> >"Representing and evaluating authorization policies that 
> control access to any resource that can be referenced using XML"
> I am not sure what referenced using XML is supposed to mean.  
> In fact our resources do not have to be referenced in any 
> particular way, as one may not use the request schema to 
> query the policy.

This was taken from the charter. The original proposal, (changed before
the first meeting), was that resources could ONLY be XML documents.

> >"Representing and evaluating authorization policies"
> Nice and to the point.  But why it should be only 
> authorization?  Maybe more general "access policies"?

Authorization and Access Control are generally regarded as rough
synonyms. Although some people may distinguish between them, I am not
aware of any consistent distinction that is widely agreed on.

I think the basic idea is that if you know what Access Control is, all
you need to know, is what XACML stands for. If not, perhaps you know
what Authorization is. ;-)


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]