OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Re: [xacml] Passing parameters to the attribute designator


Anil,

it would be better to expose the broader use-case you are interested in 
here. My guess is that it has something to do with enterprise 
infra-structure or the policy creation or administration model or the 
way resource meta-data is stored. A more general formulation focusing on 
the use-case would get more attention within the TC.

The original XACML use-case tends to focus only a "pure" policy language 
and rules for its execution. This makes sense as the main concern was an 
interoperable policy language. But there are much broader use-cases that 
need to be dealt with before XACML can have a larger practical impact...

- prateek
> I believe there must be a case when the context handler must be given 
> additional information to retrieve an attribute when using attribute 
> designators. This additional information may be kept within the 
> policies that reference the designator and will serve as parameters to 
> the evaluation procedure of the designator. Naturally, this applies to 
> only those cases when the attribute referenced is not actually present 
> in the request context as XACMLv2.0 specification mentions how 
> the referenced attributes must be matched when present in the request 
> context.
>  
> This additional context passed to the handler can be a property 
> list/name-value pairs as the combiner parameters.
>  
> Thoughts ?
>  
> Regards,
> Anil


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]