Subject: Re: [xacml] Brief summary of yesterday's focus group call

Tim, I don't believe that the "generalization" draft fits within the charter of XACML.

Anthony Nadalin | Work 512.838.0085 | Cell 512.289.4122

          Tim Moses <tim.moses@entrust.com>

          03/25/2005 11:59 AM


XACML <xacml@lists.oasis-open.org>



[xacml] Brief summary of yesterday's focus group call

Present: Erik, Frank, Simon, Tim, Dave

We briefly discussed the 'generalization' draft. There were no objections to the direction it is taking.

We discussed Hal's draft on policy administration. Erik had provided comments and Frank has mailed a revised draft to the list.

There was agreement that 'flattening' is useful for 'administration' policies and for 'dynamic' policies that may be re-used. Flattening is only practical with a restricted form of the <Condition> element.

Frank pointed out that it will be the job of the context handler to construct the policy chain, by making repeated requests to the PDP. He advocates adding an element to <Target> to accommodate a 'Delegate' match specification. He raised the possibility of making <Target> even more general by allowing it to contain a conjunction of any match specifications. This suggestion had previously been made by Daniel. But, timing prevented us from considering the suggestion for v2.0.

The topic of issuers constraining delegation depth was raised and it was generally felt that this feature should be included.

Dave asked about separation of duties and whether administration policies need to accommodate such constraints. Tim suggested that separation of duty rules should appear in the access policy, not in the administration policy.

Frank reminded us that we need to modify the request context to accommodate policies supplied by the access requestor.

Discussion will continue on the list. Frank committed to issuing a new working draft on or before the 5th of April.

All the best. Tim.
