OASIS Open

This specification defines a new XACML system component, the Dynamic Attribute Authority, which augments the request context of an XACML authorization request with additional attributes and attribute values that are generated on demand according to a set of rules. The rules are expressed as XACML policies, use obligations to specify the additional attributes and values, and are processed in the normal manner of a Policy Decision Point. This means that a Dynamic Attribute Authority can be readily constructed from existing XACML system components.

This specification defines a new XACML system component, the Dynamic Attribute Authority, which augments the request context of an XACML authorization request with additional attributes and attribute values that are generated on demand according to a set of rules. The rules are expressed as XACML policies, use obligations to specify the additional attributes and values, and are processed in the normal manner of a Policy Decision Point. This means that a Dynamic Attribute Authority can be readily constructed from existing XACML system components. A primary use case for the Dynamic Attribute Authority is role enablement, where the dynamic attribute in question is the subject role.

This ballot requires a Special Majority Vote [2]. The TC roster currently lists 3 voting members. In order to pass, at least 2 members have to vote Yes and no more than 1 members may vote No. [1] URI for the specification https://docs.oasis-open.org/xacml/xacml-3.0-related-entities/v1.0/csd02/xacml-3.0-related-entities-v1.0-csd02.html [2]http://www.oasis-open.org/committees/process-2010-07-28.php#dSpecialMajority

CSD02: XACML v3.0 Related and Nested Entities Profile Version 1.0 Committee Specification Draft 02 20 August 2020 https://docs.oasis-open.org/xacml/xacml-3.0-related-entities/v1.0/csd02/xacml-3.0-related-entities-v1.0-csd02.docx https://docs.oasis-open.org/xacml/xacml-3.0-related-entities/v1.0/csd02/xacml-3.0-related-entities-v1.0-csd02.html https://docs.oasis-open.org/xacml/xacml-3.0-related-entities/v1.0/csd02/xacml-3.0-related-entities-v1.0-csd02.pdf XML schema: https://docs.oasis-open.org/xacml/xacml-3.0-related-entities/v1.0/csd02/schemas/

It is not unusual for access control policy to be dependent on attributes that are not naturally properties of the access subject or resource, but rather are properties of entities that are related to the access subject or resource. This profile defines the means to reference such attributes from within XACML policies for processing by a policy decision point.