MHonArc v2.5.0b2 -->

















xacml message






[Date Prev]
 | [Thread Prev]
 | [Thread Next]
 | [Date Next]

--

[Date Index]
 | [Thread Index]
 | [List Home]








Subject: Re: [xacml] Notes from focus group meeting 20 Nov 2003




From: Frank Siebenlist <franks@mcs.anl.gov>
To: Tim Moses <tim.moses@entrust.com>
Date: Thu, 20 Nov 2003 12:25:50 -0800






Just to record some possible additional schema changes:

Tim Moses wrote:

> ...
> The only implication for the XACML schema appears to be the optional
> inclusion of metadata, such as issuer, maximum path length and validity
> interval in Policy and PolicySet elements.  In addition, a new combining
> algorithm must be defined for combining decisions from all the policies that
> form a delegation path.

We may have to add similar meta data to the decision/response-context to 
(optionally) communicate the root issuer associated with that decision, and the 
validity time interval that is the logical intersection of all the validity time 
intervals of the decisions that contributed to that decision (maybe even the 
number of additional delegators allowed).

This would allow PEPs to keep decisions around for its life-time (caching), and 
it would allow authorization decisions from different PDPs to be communicated 
and combined.

-Frank.

-- 
Frank Siebenlist               franks@mcs.anl.gov
The Globus Alliance - Argonne National Laboratory









References:

Notes from focus group meeting 20 Nov 2003
From: Tim Moses <tim.moses@entrust.com>






[Date Prev]
 | [Thread Prev]
 | [Thread Next]
 | [Date Next]

--

[Date Index]
 | [Thread Index]
 | [List Home]