OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Request for enhanced boxcarring (multiple resource and actionrequest) support


We have recently identified a requirement to be able to specify not just a list of resources and a list of actions and make decisions on each combination.

The new requirement is to be able to specify particular resource/action combinations. This is primarily required for efficiency when making a remote call. It would greatly cut down on unnecessary decisions or network messages.

For example instead of merely saying:

R1, R2, R3
A1, A2, A3, A4

And getting 12 answers:

R1, A1
R1, A2
....
R3, A4

We would like to be able to specify particular cases.

This could be done by providing specific pairs:

R1, A1
R1, A2
R2, A1
R2, A3
R2, A4
R3, A2
R3, A4

Or by some kind of grouping syntax

R1, {A1, A2}
R2, {A1, A3, A4}
R3, {A2, A4}

However here is the key question.

We recently agreed to freeze the core. Since this is only needed for remote access, it could be done by modifying the SAML Profile alone. However, this would mean that remote and local requests would have a different syntax, plus slightly different functionality.

What is the feeling of the TC? Should we allow this change to the core or only do it in the SAML request?

Hal



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]