[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [xacml] Issue#61:WS-XACML:How are the contents of XACMLAuthzAssertionsrepresented in the base XACML Policies
Anne Anderson - Sun Microsystems wrote: > At the Face-to-Face, I said I would re-state on the list some options > about how to keep an enterprise's internal authorization policy > consistent with its XACMLAuthzAssertion Web Services policy. Here > they are. Anne, here is another one: OPTION 4: Tag parts of a common policy to be specific for the public or private policies. For instance: <Policy RuleCombiningAlg="permit-overrides"> <Target> role == "manager" resource == "salary-table" </Target> <Rule Effect="Permit"> <Public> <!-- no condition here --> </Public> <Private> <Condition> secret_attribute == "Foo" </Condition> </Private> </Rule> </Policy> A few lines of xslt could then extract the public respective private policies from the common file, without the need to manually keep the common parts in sync. Regards, Erik
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]