OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [xacml] Issue#61:WS-XACML:How are the contents of XACMLAuthzAssertionsrepresented in the base XACML Policies

Anne Anderson - Sun Microsystems wrote:
> At the Face-to-Face, I said I would re-state on the list some options
> about how to keep an enterprise's internal authorization policy
> consistent with its XACMLAuthzAssertion Web Services policy.  Here
> they are.

Anne, here is another one:

OPTION 4: Tag parts of a common policy to be specific for the public or
private policies.

For instance:

<Policy RuleCombiningAlg="permit-overrides">
         role == "manager"
         resource == "salary-table"
    <Rule Effect="Permit">
        <!-- no condition here -->
               secret_attribute == "Foo"

A few lines of xslt could then extract the public respective private
policies from the common file, without the need to manually keep the
common parts in sync.


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]