Subject: Re: [xacml] Issue#61:WS-XACML:How are the contents of XACMLAuthzAssertions represented in the base XACML Policies


Anne Anderson - Sun Microsystems wrote:
> At the Face-to-Face, I said I would re-state on the list some options
> about how to keep an enterprise's internal authorization policy
> consistent with its XACMLAuthzAssertion Web Services policy.  Here
> they are.

Anne, here is another one:

OPTION 4: Tag parts of a common policy to be specific for the public or
private policies.

For instance:

<Policy RuleCombiningAlg="permit-overrides">
  <Target>
    role == "manager"
    resource == "salary-table"
  </Target>
  <Rule Effect="Permit">
    <Public>
      <!-- no condition here -->
    </Public>
    <Private>
      <Condition>
        secret_attribute == "Foo"
      </Condition>
    </Private>
  </Rule>
</Policy>

A few lines of XSLT could then extract the public and private
policies, respectively, from the common file, without the need to
manually keep the common parts in sync.

Regards,
Erik
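
Added example, not part of Erik's message or of any OASIS specification: the extraction step Option 4 describes, written in Python rather than the XSLT the message mentions so that the output can be checked for leaked private conditions. The <Public>/<Private> wrapper tags are the message's own illustration; the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# The common policy from the message above, copied as posted (illustrative
# pseudo-XACML, not schema-valid XACML).
COMMON_POLICY = """\
<Policy RuleCombiningAlg="permit-overrides">
  <Target>
    role == "manager"
    resource == "salary-table"
  </Target>
  <Rule Effect="Permit">
    <Public>
      <!-- no condition here -->
    </Public>
    <Private>
      <Condition>
        secret_attribute == "Foo"
      </Condition>
    </Private>
  </Rule>
</Policy>
"""

VIEW_TAGS = {"public": "Public", "private": "Private"}  # view name -> wrapper tag


def _project(elem, keep, drop):
    """Rewrite elem's children in place: delete `drop` subtrees, unwrap `keep`."""
    children = []
    for child in list(elem):
        if child.tag in drop:
            continue                      # other view's content never reaches the output
        _project(child, keep, drop)
        if child.tag == keep:
            children.extend(list(child))  # hoist contents, discard the wrapper tag
        else:
            children.append(child)
    elem[:] = children


def extract_view(common_xml, view):
    """Return the policy tree for one view; unknown view names are rejected."""
    if view not in VIEW_TAGS:
        raise ValueError(f"unknown view: {view!r}")
    keep = VIEW_TAGS[view]
    root = ET.fromstring(common_xml)      # default parser also drops XML comments
    _project(root, keep, set(VIEW_TAGS.values()) - {keep})
    return root


def render(root):
    """Serialize an extracted view back to an XML string."""
    return ET.tostring(root, encoding="unicode")
```

The public view drops the whole <Private> subtree rather than emptying it, so the published policy does not reveal that a private condition exists.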
