Subject: Re: [xacml] Managing with XACML
Tim,

I read over your paper, and find it interesting - it is pretty much what I have described to people as a "hack" if they want to do this type of thing with XACML.

A component your paper does not describe is "state": ECA policies often seem to use "state". Part of the solution is simple: the Management Profile or Extension could require that the PDP return an Attribute containing the new state among the Obligations, and could require that the PEP pass in the most recently returned state Attribute with the next request. One issue, however, is that, since Rules in multiple policies may be triggered, more than one "state" Attribute might be returned: how could this be managed theoretically and practically? Another issue with state is what the state is associated with: is it a session that is maintained by the PEP, or is it an overall state maintained by the PDP?

While I think this would be useful work, I doubt I would have much time to devote to it. If my role was merely to comment on a specification developed by someone else, I would be happy to do that. There may be other people at Sun who would be interested in this, however, so I will ask around. I want to have someone here who deals more with ECA policies to look it over and comment on other issues that might need to be considered.

Anne

On 9 September, Tim Moses writes: [xacml] Managing with XACML
> From: Tim Moses <tim.moses@entrust.com>
> To: 'XACML' <xacml@lists.oasis-open.org>
> Subject: [xacml] Managing with XACML
> Date: Thu, 09 Sep 2004 10:27:36 -0400
>
> Colleagues - Attached is a short paper containing some ideas on adapting
> XACML for expressing management-style policies. Honestly, it really IS
> short. I would like to hear other people's views on the approach and
> whether there is interest amongst the members in taking this work on.
>
> All the best. Tim.
>
> -----------------------------------------------------------------
> Tim Moses
> 613.270.3183
>
> To unsubscribe from this mailing list (and be removed from the roster of the OASIS TC), go to http://www.oasis-open.org/apps/org/workgroup/xacml/members/leave_workgroup.php.

--
Anne H. Anderson               Email: Anne.Anderson@Sun.COM
Sun Microsystems Laboratories
1 Network Drive,UBUR02-311     Tel: 781/442-0928
Burlington, MA 01803-0902 USA  Fax: 781/442-1692
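
The state round trip discussed in the message above, as an added sketch that is not part of the original message or of the paper it comments on: a toy PDP returns the new state as an attribute among the obligations, and a PEP that holds the state per session sends it back with the next request. The attribute id, the rule shape, the sample rules and the decision to reject conflicting states rather than pick one are all assumptions made for illustration.

```python
# Added illustration: all names are hypothetical, not from XACML or the paper.
from dataclasses import dataclass

STATE_ATTR = "urn:example:eca:state"  # assumed attribute id

@dataclass(frozen=True)
class Rule:
    policy_id: str
    event: str
    when_state: str
    next_state: str

# Constructed sample rules; P2 overlaps with P1 on the "alarm" event.
P1_RULES = [Rule("P1", "alarm", "idle", "alerting"),
            Rule("P1", "ack", "alerting", "idle")]
P2_RULES = [Rule("P2", "alarm", "idle", "locked")]

def pdp_evaluate(rules, request):
    """Toy PDP: each triggered rule adds one obligation carrying a new state."""
    return [{"policy": r.policy_id, "attribute": STATE_ATTR, "value": r.next_state}
            for r in rules
            if r.event == request["event"] and r.when_state == request[STATE_ATTR]]

class StateConflict(Exception):
    """More than one distinct state came back for a single request."""

class SessionPEP:
    """PEP that holds state per session and sends it back with each request."""
    def __init__(self, rules, initial_state):
        self.rules = rules
        self.state = initial_state

    def handle(self, event):
        obligations = pdp_evaluate(self.rules, {"event": event, STATE_ATTR: self.state})
        returned = {o["value"] for o in obligations if o["attribute"] == STATE_ATTR}
        if len(returned) > 1:
            # Assumed handling: refuse to pick a winner, keep the previous state.
            raise StateConflict(sorted(returned))
        if returned:
            self.state = returned.pop()
        return obligations

if __name__ == "__main__":
    pep = SessionPEP(P1_RULES, "idle")
    pep.handle("alarm"); print(pep.state)
    try:
        SessionPEP(P1_RULES + P2_RULES, "idle").handle("alarm")
    except StateConflict as exc:
        print("conflicting states:", exc.args[0])
```

With only P1 loaded the state advances cleanly; once P2 is added, the same "alarm" request yields two different state attributes and the PEP leaves its stored state unchanged.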