[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [xacml] Where does the data come from ?
Martin An interesting post, I have some comments and follow ups on it. I do not believe that your assessment is totally valid: acceptable data makes a whole ABAC project not worth the effort. And I would assert that today the lack of the right (in terms of evidence for policy conformance) data significantly limits the value of implementing ABAC, at least for multi-organizational information sharing use cases and use cases in highly regulated sectors like government and health care.You are looking at this in trying to get back to basic sources of data. If however, you look at any problem space as having defined players in an access control space, and that these players have specific attributes, then how those attributes are determined becomes much less important. Even in highly regulated industries, what really is important is the value of the attribute, not how it was determined. In these industries, the problem is actually cleaner, since the actual policies and attributes are defined by the governance. As long as the attribute value can be communicated, with teh appropriate assurance, then a policy decision can be made using it. The Data Model becomes a lower layer service, that ultimately becomes merely an implementation detail. It should not impact the access control evaluation, which deals with attribute interaction. I guess this is what Steven was getting to when he says policy makers need to constrain, not to the point of where and how a data item is maintained, but how it can be communicated and correctly interpreted by the bigger ecosystem Allan Simplify Email: Email
Charter
On 6/12/15 9:53 PM, Martin Smith wrote:
|
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]