
xspa message



Subject: Attribute Categories


One of the new features in XACML 3.0 is attribute categories, which have replaced the static types subject, resource, action and environment. So, we need to specify the attribute categories for the XSPA attributes, which is the subject of the task XSPA-1.

 

I noticed that there is actually more than one category defined in XACML 3.0 core. The standard (and the only mandatory) category for subjects is:

urn:oasis:names:tc:xacml:1.0:subject-category:access-subject

But it seems to me the optional category

urn:oasis:names:tc:xacml:1.0:subject-category:recipient-subject

is also relevant to the XSPA use-cases for the attributes of the receiving organization.

 

There are also the following categories which could be considered:

urn:oasis:names:tc:xacml:1.0:subject-category:intermediary-subject

urn:oasis:names:tc:xacml:1.0:subject-category:requesting-machine

 

We have the following options to use for the category of subjects in XSPA:

1. access-subject
2. recipient-subject
3. intermediary-subject
4. requesting-machine
5. Define another XSPA-specific category

 

Please share what you think. I personally think we should use access-subject for the end user attributes and recipient-subject for the receiving organization.

 

 

Regards,

Mohammad
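
The split suggested in the message, shown as an XACML 3.0 request (an added example, not part of the original message): the same attribute id carries the end user's organization under access-subject and the receiving organization under recipient-subject, and only the Category tells them apart. The organization attribute id and the sample values are constructed placeholders; resource, action and environment attributes are omitted.

```python
import xml.etree.ElementTree as ET

XACML3_NS = "urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"
SUBJ = "urn:oasis:names:tc:xacml:1.0:subject-category:"
# The four subject categories listed in the message.
SUBJECT_CATEGORIES = {SUBJ + n for n in (
    "access-subject", "recipient-subject",
    "intermediary-subject", "requesting-machine")}
STRING = "http://www.w3.org/2001/XMLSchema#string"
SUBJECT_ID = "urn:oasis:names:tc:xacml:1.0:subject:subject-id"
ORG_ID = "urn:example:xspa:organization-id"  # constructed placeholder, not an XSPA id

# Constructed sample: end user under access-subject, receiving org under recipient-subject.
SAMPLE = {
    SUBJ + "access-subject": {SUBJECT_ID: "dr.alice", ORG_ID: "Hospital-A"},
    SUBJ + "recipient-subject": {ORG_ID: "Clinic-B"},
}

def _q(tag):
    return f"{{{XACML3_NS}}}{tag}"

def build_request(attrs_by_category):
    """Build <Request> from {category URI: {attribute id: string value}}."""
    unknown = set(attrs_by_category) - SUBJECT_CATEGORIES
    if unknown:  # catch mistyped category URIs before they reach the PDP
        raise ValueError(f"unexpected category: {sorted(unknown)}")
    req = ET.Element(_q("Request"), ReturnPolicyIdList="false", CombinedDecision="false")
    for category, attrs in attrs_by_category.items():
        group = ET.SubElement(req, _q("Attributes"), Category=category)
        for attr_id, value in attrs.items():
            attr = ET.SubElement(group, _q("Attribute"),
                                 AttributeId=attr_id, IncludeInResult="false")
            ET.SubElement(attr, _q("AttributeValue"), DataType=STRING).text = value
    return req

def lookup(req, category, attr_id):
    """Select values by Category and AttributeId (DataType/Issuer matching omitted)."""
    return [v.text
            for g in req.iter(_q("Attributes")) if g.get("Category") == category
            for a in g.iter(_q("Attribute")) if a.get("AttributeId") == attr_id
            for v in a.iter(_q("AttributeValue"))]

if __name__ == "__main__":
    ET.register_namespace("", XACML3_NS)
    request = build_request(SAMPLE)
    print(ET.tostring(request, encoding="unicode"))
    print(lookup(request, SUBJ + "recipient-subject", ORG_ID))
```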

 


