OASIS eXtensible Access Control Markup Language (XACML) TC

RE: [xacml] WI#9 Proposal: policies referring to hierarchical resources

    Posted 04-09-2004 02:15
    >>The Request Context is notional.  It does NOT mean the PEP has to
    >>translate the entire filesystem into an XML Hierarchy instance
    >>and actually put it into the Request Context. 
    >
    >I am not talking about XML, but about making the resource structure part
    >of the policy, instead of being part of dynamic context.
    
    In the model I am trying to support, the policy writer does not necessarily
    know the resource structure, and it is not necessarily static.  The policy
    writer knows that "any file in Anne's home directory subtree is readable by
    Anne", but does not know all the files that might be in that subtree at the
    time someone (maybe Anne) makes a request to read one of those files.
    
    >>I am specifically addressing the problem of how to handle
    >>tree-structured hierarchical resources.  How do you define a
    >>"hierarchical resource"?
    >
    >Ordered graph? 
    >
    >>Many resources are organized in tree-structured hierarchies.
    >
    >The issue is whether you need to know the structure while writing policy
    >and who owns that structure.
    >
    >I think that if we can define a specification that addresses your use case
    >while being more flexible, that would be a good thing, wouldn't it? :)
    
    That would be fine, but I have not seen anything yet that meets those
    criteria.  I am not persuaded by your arguments so far and you have
    not provided enough information to see what your alternative specification
    would look like.  Time is short - can you provide an outline of your
    alternative soon?
    
    Anne
    
    >
    >Daniel;
    >
    >
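
Added example, not part of the message above and not XACML policy syntax: a Python sketch of the model the reply describes, where the rule names only the subtree root ("any file in Anne's home directory subtree is readable by Anne") and the requested resource's ancestor chain is derived at request time. `SubtreeRule`, `ancestors`, `decide` and all paths are hypothetical names and constructed sample values.

```python
import posixpath
from dataclasses import dataclass


@dataclass(frozen=True)
class SubtreeRule:
    subject: str  # who the rule applies to
    action: str   # e.g. "read"
    root: str     # normalized absolute path of the subtree root


def ancestors(path):
    """Return the normalized resource path followed by each ancestor up to "/".

    This is the only structural fact the decision needs. It is computed from
    the request, so the policy never lists the files inside the subtree.
    """
    if not path.startswith("/"):
        raise ValueError("resource path must be absolute")
    # normpath collapses ".", ".." and repeated slashes (lexically only);
    # POSIX keeps a leading "//", so force exactly one leading slash.
    node = "/" + posixpath.normpath(path).lstrip("/")
    chain = [node]
    while node != "/":
        node = posixpath.dirname(node)
        chain.append(node)
    return chain


def decide(rules, subject, action, resource):
    """Return a decision name for one request against subtree rules."""
    try:
        chain = ancestors(resource)
    except ValueError:
        return "Indeterminate"
    for rule in rules:
        # Membership in the ancestor chain, not a string prefix test:
        # "/home/anne2" starts with "/home/anne" but is not inside it.
        if (rule.subject, rule.action) == (subject, action) and rule.root in chain:
            return "Permit"
    return "NotApplicable"


# Constructed sample policy: Anne may read anything under her home directory.
POLICY = [SubtreeRule(subject="anne", action="read", root="/home/anne")]

if __name__ == "__main__":
    for res in ["/home/anne/notes/new-file.txt", "/home/anne2/x",
                "/home/anne/../daniel/x"]:
        print(res, "->", decide(POLICY, "anne", "read", res))
```

The normalization here is purely lexical; a real enforcement point would also have to resolve symbolic links or equivalent aliases before building the ancestor chain.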