MHonArc v2.5.2 -->
xacml message
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [Elist Home]
Subject: Re: [xacml] proposal for action-id, subject-id, and required Attributes
On Tue, 3 Sep 2002, Anne Anderson wrote:
> On 3 September, Polar Humenn writes: Re: [xacml] proposal for action-id, subject-id, and required Attributes
> > Anne, again, just requiring the Subject to have "one other" attribute,
> > which is "typically" the "subject-id", doesn't really buy you much.
> >
> > I suggest that we should take a stance of being consistent across all
> > subjects, actions, and resources. For each, either that no attributes are
> > guarranteed to be there, or they all have at least one attribute available
> > and we know explicitly what that attribute is.
>
> I vote for "no attributes are guaranteed to be there". I do not
> care whether we make minOccurs=0 or 1, although I think we can
> eliminate some meaningless cases by requiring at least 1, even if
> we do not specify which one that is.
All I am saying that requiring 1 attribute without knowing what that
attribute is, doesn't make the situation any more "meaningful".
However, I don't see the sense in not being able to write a policy about a
subject, resource, and action, that is guarranteed to work on all PEP-PDP
XACML interfaces.
-Polar
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [Elist Home]
Powered by eList eXpress LLC