

Subject: RE: [xspa] Attribute Categories


You will need to explain more fully what you mean. I'm hesitant to branch off into areas or concepts that do not have existing standards bases. Primarily I refer to ISO 10181-3 (which can be obtained from ITU for free) and NIST FIPS 188 for attributes of Security Labels. The HL7 Healthcare Privacy and Security Classification System has also defined concepts. The suggestions below have neither a standards basis nor harmonization with core security standards.

 

XSPA is first and foremost a healthcare profile of existing standards so we need to be cautious about introducing NEW concepts. 

 

Regards, Mike

 

From: xspa@lists.oasis-open.org [mailto:xspa@lists.oasis-open.org] On Behalf Of Mohammad Jafari
Sent: Tuesday, July 16, 2013 5:05 PM
To: xspa@lists.oasis-open.org
Cc: Duane Decouteau
Subject: [xspa] Attribute Categories

 

One of the new features in XACML 3.0 is attribute categories, which have replaced the static types subject, resource, action and environment. So, we need to specify the attribute categories for the XSPA attributes, which is the subject of the task XSPA-1.

 

I noticed that there is actually more than one category defined in XACML 3.0 core. The standard (and the only mandatory) category for subjects is:

urn:oasis:names:tc:xacml:1.0:subject-category:access-subject

But it seems to me the optional category

urn:oasis:names:tc:xacml:1.0:subject-category:recipient-subject

is also relevant to the XSPA use-cases for the attributes of the receiving organization.

 

There are also the following categories which could be considered:

urn:oasis:names:tc:xacml:1.0:subject-category:intermediary-subject

urn:oasis:names:tc:xacml:1.0:subject-category:requesting-machine

 

We have the following options to use for the category of subjects in XSPA:

1.       access-subject

2.       recipient-subject

3.       intermediary-subject

4.       requesting-machine

5.       Define another XSPA-specific category

 

Please share what you think. I personally think we should use access-subject for the end user attributes and recipient-subject for the receiving organization.

 

 

Regards,

Mohammad
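As an added illustration that is not part of the original thread, the sketch below builds an XACML 3.0 request in which end-user attributes sit under access-subject and the receiving organization's attribute sits under recipient-subject, then reads the attributes back grouped by category. The `urn:example:` attribute ids and all sample values are constructed placeholders, not XSPA identifiers.

```python
import xml.etree.ElementTree as ET

XACML3_NS = "urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"
ACCESS_SUBJECT = "urn:oasis:names:tc:xacml:1.0:subject-category:access-subject"
RECIPIENT_SUBJECT = "urn:oasis:names:tc:xacml:1.0:subject-category:recipient-subject"
XS_STRING = "http://www.w3.org/2001/XMLSchema#string"

# Constructed sample data: (category, attribute id, value).
# The "urn:example:" ids are placeholders chosen for this example.
SAMPLE = [
    (ACCESS_SUBJECT, "urn:oasis:names:tc:xacml:1.0:subject:subject-id", "dr.alice"),
    (ACCESS_SUBJECT, "urn:example:xspa:role", "physician"),
    (RECIPIENT_SUBJECT, "urn:example:xspa:organization", "Receiving Clinic"),
]


def build_request(attributes):
    """Build an XACML 3.0 <Request> with one <Attributes> element per category."""
    request = ET.Element(f"{{{XACML3_NS}}}Request",
                         {"ReturnPolicyIdList": "false", "CombinedDecision": "false"})
    groups = {}
    for category, attr_id, value in attributes:
        group = groups.get(category)
        if group is None:
            # In XACML 3.0 the category is an attribute of <Attributes>,
            # replacing the fixed <Subject>/<Resource>/... elements of 2.0.
            group = ET.SubElement(request, f"{{{XACML3_NS}}}Attributes",
                                  {"Category": category})
            groups[category] = group
        attr = ET.SubElement(group, f"{{{XACML3_NS}}}Attribute",
                             {"AttributeId": attr_id, "IncludeInResult": "false"})
        val = ET.SubElement(attr, f"{{{XACML3_NS}}}AttributeValue",
                            {"DataType": XS_STRING})
        val.text = value
    return ET.tostring(request, encoding="unicode")


def attributes_by_category(request_xml):
    """Parse a request and return {category: {attribute_id: [values]}}."""
    ns = {"x": XACML3_NS}
    result = {}
    for group in ET.fromstring(request_xml).findall("x:Attributes", ns):
        bucket = result.setdefault(group.get("Category"), {})
        for attr in group.findall("x:Attribute", ns):
            values = [v.text for v in attr.findall("x:AttributeValue", ns)]
            bucket.setdefault(attr.get("AttributeId"), []).extend(values)
    return result


if __name__ == "__main__":
    print(attributes_by_category(build_request(SAMPLE)))
```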

 


