[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: CD-1 issue #10: denied access to internal nodes in hierarchy
The issue number refers to the XLS-sheet found in this email: http://lists.oasis-open.org/archives/xacml/200909/msg00013.html The commenter notes that if access is denied to an interior node and access is allowed to descendants of the denied node, then the reassembled allowed nodes do not correspond to the original schema anymore. The commenter proposes that the specification is changed so that denying an internal node also means deny to all descendant nodes. The problem is actually wider than that. Denying (and thus removing) any single leaf node could invalidate the schema since the node might be required by the schema. So the proposed change would not fix the identified problem. The problem is inherent in doing access control on XML documents. Also, in a more general case, it is useful to have the current model. For instance, in a medical application it could be the case that a researcher is allowed to see selected diagnostics information contained in a patient record, but the rest of the record, such as patient identifying data, is denied to him. I propose that we make no change. Best regards, Erik
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]