[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [xacml] New core and multiple resource profile and hierarchical
> > What it MUST include however, is the forest model. The reason for > this is that the existing profile gives: Several weeks into this discussion, I still have not seen a single concrete use case that warrants this. > As the profile stands now, with a choice of general DAG and > concrete URI, I believe many customers will be unknowingly led into > an insecure DAG, when a perfectly reasonable secure forest could be > shown to be a clear alternative, with the extra cost, of course, of > maintaining the membership in the original hierarchies, which is > necessary to generalize the URI scheme. > I still have not seen a single compelling example why DAG is "insecure" in any form. Applicable policy is entirely explicit, and easy to analyze. Daniel;
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]