[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Reference to obligations and privacy data
As discussed at today's TC mtg, in the context of possible relevance to the
work Bill and Michiharu are doing on obligations, we have been considering
using obligations for privacy data, w the PEP responsible for coordinating
w the requestor esp. in the case where the requestor is looking to access
private data.
This was brought up as part of issue 61: "I am particularly interested
in how privacy requirements might be set up in the original policy since
these are generally not part of the authorization process, per se', but
possibly could be considered to be modeled as XACML Obligations. Any
guidance on this in reply to issue or changes to doc would be much
appreciated."
There actually is a ref to this in the xacml email, it was part of the
RSA presentation,
but in retrospect, one would really need to look hard to find it (you
don't need to
go thru the steps unless interested, but the aapml doc is the last on
the list to
go directly to it):
original email on rsa pres:
http://lists.oasis-open.org/archives/xacml/200702/msg00009.html
points to rsa presentation
http://www.oasis-open.org/apps/org/workgroup/xacml/download.php/22335/RSA-V09.ppt
on slide 13 is ref to IGF:
http://www.oracle.com/goto/igf
on the page that comes up the aapml spec is at:
http://www.oracle.com/technology/tech/standards/idm/igf/pdf/IGF-AAPML-spec-08.pdf
We would appreciate any feedback on this, esp in the context of Anne's
WS-XACML
approach to privacy data (note: the aapml approach is not WS-specific,
it is intended that
any PEP can handle it in any manner, presumably also could merge in to
Anne's WS-XACML
method as well).
Thanks,
Rich
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]