OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Re: Fwd: [xacml] Multiple subjects in XACML


Argyn wrote:
> ---------- Forwarded message ----------
> From: Argyn <jawabean@gmail.com>
> Date: Feb 19, 2007 10:44 AM
> Subject: Re: [xacml] Multiple subjects in XACML
> To: Erik Rissanen <mirty@sics.se>
>
>
> On 2/19/07, Erik Rissanen <mirty@sics.se> wrote:
>> Hal raised the concern that this is a bug in 2.0, since there could for
>> instance be multiple intermediate subjects, and this was a use case
>> which 2.0 should handle.
>>
>> I wasn't a member of the TC when 2.0 was designed, so I don't know if it
>> is a bug or a feature, but if it is a bug, it's a major one. If the
>> multiple subjects are really considered to be distinct subjects, there
>> are still no mechanisms by which policies can refer to them in a
>> meaningful manner. If an attribute designator is used to fetch
>> attributes from the request, it would mix up the attributes from
>> different distinct subjects. This is the same problem which we had with
>> multiple distinct IndirectDelegates, which is the reason I introduced
>> the MultipleCondition, which could be used to constrain distinct
>> indirect delegates.
>
> we discussed it with Seth once. it looked strange to me when I first
> read it. as far as I know XACML implementations support this feature
> as it is written.
>
> argyn

When you mean "support this feature as it is written", do you mean that
multiple subjects with the same subject category are not treated as
distinct subjects by implementations?

Sorry, but I am just a bit confused by the "support" and "written",
since my interpretation of the writing is that distinct subjects with
equal categories are not supported. ;-)

Regards,
Erik



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]