OASIS Mailing List Archives

xacml message



Subject: Policy Cohort requirements


As Hal suggested yesterday during the TC call, I submitted directly on the Wiki an initial list of 10 requirements for the policy cohort:

https://wiki.oasis-open.org/xacml/Policy%20Administration%20Point%20Architecture

 

Hopefully we will find out if we share the same view on what a cohort should be. Please provide your feedback, corrections, and additional requirements.

Here they are, for completeness:

  1. Authenticity: an issuing authority may be associated and be authenticatable at a level of assurance by external (e.g. XML signature) means.
  2. Identity: must be uniquely identifiable, under the indicated namespace.
  3. Integrity: integrity may be ensured using appropriate means (e.g. XML signature).
  4. Confidentiality: confidentiality may be ensured using appropriate means (e.g. XML encryption).
  5. Reference-trust: policies included in the cohort may contain references to external attribute providers, for which the container cohort must ensure trust (e.g. in this case it must call them out).
  6. Administrative attributes: may be added, in a flexible manner, to allow expression of e.g. business context information, contact information.
  7. Versioning: ?.
  8. Self-containment: a policy cohort is self-contained, in the sense that it contains all the artifacts that it needs to operate.
  9. Auditability: a policy cohort must be considered as a unit of audit, i.e. audit log events must refer to the cohort, in addition to the policy that triggered the authorization decision.
  10. Testability: a policy cohort contains a test dataset that consumers / implementors can use in order to test against their own implementations.

Thanks,

Jean-Paul Buu-Sao

 


