OASIS eXtensible Access Control Markup Language (XACML) TC

Policy Cohort requirements

  • 1.  Policy Cohort requirements

    Posted 06-29-2012 11:12
    As Hal suggested yesterday during the TC call, I submitted directly on the Wiki an initial list of 10 requirements for the policy cohort: https://wiki.oasis-open.org/xacml/Policy%20Administration%20Point%20Architecture

    Hopefully we will find out if we share the same view on what a cohort should be. Please provide your feedback, corrections, and additional requirements.

    Here they are, for completeness:

    1. Authenticity: an issuing authority may be associated and be authenticatable at a level of assurance by external (e.g. XML signature) means.
    2. Identity: must be uniquely identifiable, under the indicated namespace.
    3. Integrity: integrity may be ensured using appropriate means (e.g. XML signature).
    4. Confidentiality: confidentiality may be ensured using appropriate means (e.g. XML encryption).
    5. Reference-trust: policies included in the cohort may contain references to external attribute providers, for which the container cohort must ensure trust (e.g. in this case it must call them out).
    6. Administrative attributes: may be added, in a flexible manner, to allow expression of e.g. business context information, contact information.
    7. Versioning: ?
    8. Self-containment: a policy cohort is self-contained, in the sense that it contains all the artifacts that it needs to operate.
    9. Auditability: a policy cohort must be considered as a unit of audit, i.e. audit log events must refer to the cohort, in addition to the policy that triggered the authorization decision.
    10. Testability: a policy cohort contains test dataset that consumers / implementors can use in order to test against their own implementations.

    Thanks,
    Jean-Paul Buu-Sao