OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [xacml] Redaction by Multiple Decisions

The limitation with this approach is that while it is very concise, it implies that all of the data is classified correctly (in this case, in the proper field). Without the ability to apply semantic techniques,  sensitive information could unknowingly be passed. 

I am not sure how such techniques can be adequately defined and used in a standard manner. 


On Sep 24, 2015, at 1:48 AM, David Brossard <david.brossard@axiomatics.com> wrote:

Hi Steven,

Interesting idea. I have also seen a similar trend in the insurance industry. The redaction is particularly useful in any industry where there is a strong standardization body which standardizes document structures (e.g. EHR, EMR...).

Using obligations is an OK approach but it hides away authorization semantics inside obligations which means you cannot easily audit your policies or even ask the simpler questions. Also it makes your PEP logic much thicker. And it poses the question of how you combine multiple obligations together.

Also you say that it would be faster to run a single request + obligations. I think an MDP would be equally efficient (the bulk of time spent is on the request-response not on evaluation). It makes enforcement easier.

You would typically ask:
  • Can user Alice view medical record X... and field SSN... and field name... and field address...?
To which the PDP would reply Permit, Permit, Deny...

It makes the PEP easy to implement: all you have to do is enforce a Permit or Deny. It also means you probably want to integrate with a PEP capable of processing the type of document we are dealing with. If it is an XML document, then an API / XML gateway would be a great PEP.



On Thu, Sep 24, 2015 at 8:00 AM, Steven Legg <steven.legg@viewds.com> wrote:

On the last TC conference call Hal mentioned using multiple authorization requests
to redact a document. Basically asking for each discrete piece of the document
whether it is visible. This is the obvious way to do it but it is also expensive,
even using the Multiple Decision and Hierarchical Resource profiles.

The redaction solution I sketched out was the result of looking for a faster way
to do redaction. One request determines whether access to the document is permitted
and simultaneously returns the instructions for redacting the document, as
obligations, if access is permitted.

A profile for redaction could talk about both methods.

Mohammad mentioned interest in redaction for health documents so I was wondering
if there might be existing marking schemes and vocabularies for health records that
might feed into some XACML attribute definitions and concrete examples for a
redaction profile. Anything similar in the military sphere would be interesting too.


To unsubscribe from this mail list, you must leave the OASIS TC that generates this mail.  Follow this link to all your TCs in OASIS at:

David Brossard
VP of Customer Relations
+46(0)760 25 85 75
+1 502 922 6538
Axiomatics AB

Västmannagatan 4
S-111 24 Stockholm, Sweden
Axiomatics for developers: http://developers.axiomatics.com
Connect with us on LinkedIn | Twitter | Google + | Facebook | YouTube

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]