

Subject: RE: Tickets ?



I agree with Simon's last paragraph. XACML should not prevent an XML document from being protected via XML Encryption - perhaps an XACML profile can point to (link with) an XML Encryption stylesheet (the XML Encryption standard is still a work in progress at the W3C).

Alex

Alex Berson
VP / CTO Portal Technologies & Applications
Entrust Technologies
CA Office: 408-222-7800 ext 7725
NYC Office: 646-495-5097
Direct: 732-967-9188
Fax: 732-390-5784
Mobile: 732-991-1850
Alex.Berson@entrust.com


-----Original Message-----
From: Simon Y. Blackwell [mailto:sblackwell@psoom.com]
Sent: Wednesday, May 30, 2001 11:54 AM
To: 'Andersen, Jens Jakob'; 'xacml@lists.oasis-open.org'
Subject: RE: Tickets ?



see embedded

> -----Original Message-----
> From: Andersen, Jens Jakob [mailto:Jens.Andersen@softwareag.com]
> Sent: Wednesday, May 30, 2001 1:51 AM
> To: 'xacml@lists.oasis-open.org'
> Subject: Tickets ?
>
>
> Having thought over the XACML issue, and the connected areas, mixed with my
> experience in consulting for implementation of "Profile Based User Rights
> Administration Systems", as well as being practical, I jump to some issues:
>
> 1. How will XACML information be provided ?
> - Initially (LDAP ?) and for later use (Kerberos tickets ?)

Don't know yet

>
> 2. If XACML is added as a header to the XML document it is meant to protect,
> this will only work with XACML aware software. E.g. Notepad or VI will just
> read the text document, and reveal all of it to the reader.
>

Based on work to date, it is not likely to be a header.

> 3. This one is ouch, and I hope that we all will say NO: Should XACML be
> coupled together with encryption of document content ?
>

I would say yes in that it should be able to specify what can be transmitted
encrypted and what can be sent in the clear. Additionally, encryption may be
necessary to support fine grained control of nested XML fragments, i.e. the
only way to disallow some content viewing but allow other content viewing is
via encryption or physically modifying the file before transmission.

> JJ
>


