OASIS eXtensible Access Control Markup Language (XACML) TC

 View Only

Re: [xacml] [policy model]: Object semantics proposal

  • 1.  Re: [xacml] [policy model]: Object semantics proposal

    Posted 10-29-2001 09:50
    i am having a hard time visualizing a regular expression evaluating
    hierarchical data structures. can you give an example? from your
    previous examples, my thinking was that it would be used solely to
    evaluate linear (string) values.
    
    b
    
    Michiharu Kudoh wrote:
    > 
    > I think regex expressions could provide wider expressive power.
    > What I worried about was there seems to be no standard or no de-fact
    > standard for representing regular expression on tree structures.
    > Moreover, there seems to be no available algorithms or software products.
    > It could require a mechanism for making tree pattern matching and more.
    > Does anyone know about this?
    > 
    > regards,
    > Michiharu Kudo
    > 
    > From: bill parducci <bill@parducci.net> on 2001/10/26 19:39
    > 
    > Please respond to bill parducci <bill@parducci.net>
    > 
    > To:   Michiharu Kudoh/Japan/IBM@IBMJP
    > cc:   xacml@lists.oasis-open.org
    > Subject:  Re: [xacml] [policy model]: Object semantics proposal
    > 
    > in addressing the topic of section 2.2 (Object Hierarchy With Wild Card
    > Notation) i would like to propose that we consider regex expressions
    > instead of simple wildcards. this will allow for much more robust
    > decision request attributes. to put it in context with michaharu's
    > example...
    > 
    > in a system where you have the follwing:
    > 
    > c:/winnt/system32
    > c:/winnt2/system32
    > c:/winnt3/system32
    > c:/winnt4/system32
    > c:/winnt5/system32
    > c:/winnt[n]/system32
    > 
    > and you wanted access to only:
    > 
    > c:/winnt3/system32
    > c:/winnt4/system32
    > c:/winnt5/system32
    > 
    > you could express this as
    > path="c:/winnt[345]/system32"
    > 
    > rather than list each individually (as would be necessary with just "*"
    > notations).
    > 
    > b
    > 
    > Michiharu Kudoh wrote:
    > >
    > > I post a proposal of object semantics.
    > > It is similar to the one I posted last week.
    > >
    > > (See attached file: XACMLObjectSemantics.pdf)
    > >
    > > regards,
    > > Michiharu Kudo
    > > Internet Technology              TEL +81-46-215-4642
    > > Tokyo Research Laboratory    FAX +81-46-273-7428
    > > IBM Japan Ltd.                      Internet: kudo@jp.ibm.com
    > > ---------------------- Forwarded by Michiharu Kudoh/Japan/IBM on
    > 2001/10/22
    > > 20:28 ---------------------------
    > >
    > > From: Michiharu Kudoh on 2001/10/15 20:03
    > >
    > > To:   "'xacml@lists.oasis-open.org'" <xacml@lists.oasis-open.org>
    > @internet
    > > cc:
    > >
    > > From: Michiharu Kudoh/Japan/IBM@IBMJP
    > > Subject:  [xacml] [policy model]: Subject semantics proposal
    > >
    > > I post a proposal of subject semantics.
    > >
    > > >Action Items:
    > > >2. Submit subject semantics proposals.
    > >
    > > regards,
    > > Michiharu Kudo
    > > Internet Technology              TEL +81-46-215-4642
    > > Tokyo Research Laboratory    FAX +81-46-273-7428
    > > IBM Japan Ltd.                      Internet: kudo@jp.ibm.com
    > > *******Attachment(s) have been removed*******
    > >
    > >
    > ------------------------------------------------------------------------
    > >                                       Name: XACMLObjectSemantics.pdf
    > >    XACMLObjectSemantics.pdf           Type: Portable Document Format
    > (application/pdf)
    > >                                   Encoding: BASE64
    > >                            Download Status: Not downloaded with message