I don’t see any technical reason why
SPML is inappropriate. Policy provisioning has been discussed by the
Provisioning TC as a usecase. In addition, there are specific features of SPML,
such as operators, batching, etc. which we would have to reinvent if we do not
use SPML. Do you see a specific technical problem or have an alternative
starting point in mind?
Hal
From: Anthony Nadalin
[mailto:drsecure@us.ibm.com]
Sent: Tuesday, March 06, 2007
10:27 AM
To: Prateek Mishra
Cc: Hal Lockhart;
xacml@lists.oasis-open.org
Subject: Re: [xacml] New Topic:
Policy Provisioning
Is SPML the proper protocol for policy lifecycle
mechanisms? Seems like a bit of a stretch
Anthony Nadalin | Work 512.838.0085 | Cell 512.289.4122
Prateek Mishra <prateek.mishra@oracle.com>
|
Prateek
Mishra <prateek.mishra@oracle.com> 03/06/2007 08:56 AM |
|
Hal,
Your proposed approach is of interest to us.
I will obtain additional feedback on this issue
and post the use-cases
of interest to us.
- prateek
> I have taken a further look at SPML and
suggest the following might be a
> reasonable approach. Base the implementation
on the SPML v2 - XSD
> Profile. Use Policy ID as the PSO Identifier.
Using SPML defined
> operations the PAP can inquire of a PDP what
policies it currently has.
> Using SPML the PAP can add, modify and delete
policies as required.
> Using the SPML Batch capability, the PAP can
insure that a set of
> updates is applied as a unit, thus avoiding
the problem of the PDP
> making decisions on some inconsistent,
interim set of policies. SPML
> also provides other potentially useful
features such as error codes,
> asynchronous operations and capability
queries.
>
> The main thing that this proposal requires is
people who are willing to
> contribute to the work and edit the document.
>
> Hal
>
>