OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [xacml] New core and multiple resource profile and hierarchical

>
> What it MUST include however, is the forest model. The reason for  
> this is that the existing profile gives:

Several weeks into this discussion, I still have not seen a single  
concrete use case that warrants this.

> As the profile stands now, with a choice of general DAG and  
> concrete URI, I believe many customers will be unknowingly led into  
> an insecure DAG, when a perfectly reasonable secure forest could be  
> shown to be a clear alternative, with the extra cost, of course, of  
> maintaining the membership in the original hierarchies, which is  
> necessary to generalize the URI scheme.
>

I still have not seen a single compelling  example why DAG is  
"insecure" in any form.  Applicable policy is entirely explicit, and  
easy to analyze.


Daniel;

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]