[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Reference to obligations and privacy data
As discussed at today's TC mtg, in the context of possible relevance to the work Bill and Michiharu are doing on obligations, we have been considering using obligations for privacy data, w the PEP responsible for coordinating w the requestor esp. in the case where the requestor is looking to access private data. This was brought up as part of issue 61: "I am particularly interested in how privacy requirements might be set up in the original policy since these are generally not part of the authorization process, per se', but possibly could be considered to be modeled as XACML Obligations. Any guidance on this in reply to issue or changes to doc would be much appreciated." There actually is a ref to this in the xacml email, it was part of the RSA presentation, but in retrospect, one would really need to look hard to find it (you don't need to go thru the steps unless interested, but the aapml doc is the last on the list to go directly to it): original email on rsa pres: http://lists.oasis-open.org/archives/xacml/200702/msg00009.html points to rsa presentation http://www.oasis-open.org/apps/org/workgroup/xacml/download.php/22335/RSA-V09.ppt on slide 13 is ref to IGF: http://www.oracle.com/goto/igf on the page that comes up the aapml spec is at: http://www.oracle.com/technology/tech/standards/idm/igf/pdf/IGF-AAPML-spec-08.pdf We would appreciate any feedback on this, esp in the context of Anne's WS-XACML approach to privacy data (note: the aapml approach is not WS-specific, it is intended that any PEP can handle it in any manner, presumably also could merge in to Anne's WS-XACML method as well). Thanks, Rich
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]