OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [xacml] Updated policy template wiki

All,

I still fail to see why this is useful.

If you take a policy template, and replace each <Parameter> with an appropriate <AttributeDesignator>, then you get a regular XACML policy, and the PEP/PDP can "fill in" the "template" at runtime using normal XACML attributes.

Why do we need a new standard? In particular I would be opposed to "implementation option C", that is a PDP would construct the policy from the template at runtime. That's lots of heavy machinery for no gain.

Best regards,
Erik

On 2012-09-20 20:25, Danny Thorpe wrote:

I’ve updated the policy template wiki (https://wiki.oasis-open.org/xacml/Policy%20Template%20Profile) with text about required Match _expression_ rewriting in parameter substitution and optional use of AttributeDesignators and AttributeSelectors in Parameter data in dynamic policy template reduction implementations.

 

-Danny

 

Danny Thorpe

Product Architect | | Quest Software - Now including the people and products of BiTKOO | www.quest.com

 


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]