All,

Back when I worked as a researcher at the Swedish Institute of Computer Science, a colleague of mine, Ludwig Seitz, and I wrote a paper on a revocation model for XACML.

The paper was intended for academic publication, but it was difficult to make a good presentation of the topic, since covering it fully would essentially mean duplicating the delegation profile to explain the context of the work. We never got around to making it into a state where it could be published at an academic workshop.

SICS has published the paper in their technical report series. It is called "T2008-10 Context Dependent Revocation in Delegated XACML" and it is available here:

http://www.sics.se/libindex.html
ftp://ftp.sics.se/pub/SICS-reports/Reports/SICS-T--2008-10--SE.pdf

You should read the full paper to get all the details, but the quick summary is this: the paper presents a revocation model for the draft delegation profile in 3.0, where the model could be summarized as "You may revoke those policies which you could create yourself". The use case is that administrators may change positions, in which case each administrator should be able to handle those policies which are his duties, whether they were issued by him in person or by someone else. This is in contrast to the more typical revocation model, for instance in X.509 PKI, where the issuer of something is the authority of revocation. In the model we wanted the already existing administrative policies also to define the scope of rights to revoke policies, in addition to the scope of rights to issue policies.

It is our hope that this will be beneficial to XACML and the XACML community.

Best regards,
Erik
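An added illustration of the two revocation rules the summary contrasts, written for this page and not taken from the paper or from XACML itself. It assumes a simplified one-level model in which an administrative policy is a set of subjects, resources and actions its delegate may issue policies for, in place of the delegation profile's real policy-chain reduction; the scenario data is constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class AccessPolicy:
    issuer: str
    subject: str
    resource: str
    action: str

@dataclass(frozen=True)
class AdminPolicy:
    delegate: str          # administrator the policy empowers
    subjects: frozenset    # attribute scopes that delegate may issue for
    resources: frozenset
    actions: frozenset

def could_create(admin, policy, admin_policies):
    """True if some *currently active* admin policy lets `admin` issue `policy`."""
    return any(ap.delegate == admin and policy.subject in ap.subjects
               and policy.resource in ap.resources and policy.action in ap.actions
               for ap in admin_policies)

def may_revoke_issuer_model(admin, policy, admin_policies):
    """X.509-style rule: only the original issuer may revoke."""
    return policy.issuer == admin

def may_revoke_context_model(admin, policy, admin_policies):
    """Rule from the paper: revocation scope equals the current issuing scope."""
    return could_create(admin, policy, admin_policies)

def revoke(admin, policy, admin_policies, active, rule):
    """Drop `policy` from the `active` set if `rule` authorises `admin`; report success."""
    if policy in active and rule(admin, policy, admin_policies):
        active.discard(policy)
        return True
    return False

# Constructed scenario (assumption): alice issued P while she administered the
# engineering scope, then moved to finance; bob now holds that admin policy.
P = AccessPolicy(issuer="alice", subject="group:eng", resource="repo:build", action="read")
CURRENT_ADMIN = [
    AdminPolicy("bob", frozenset({"group:eng"}), frozenset({"repo:build"}), frozenset({"read", "write"})),
    AdminPolicy("alice", frozenset({"group:fin"}), frozenset({"ledger"}), frozenset({"read"})),
]

def compare(rule):
    """Which of (alice, bob) can revoke P under `rule`, each tried on a fresh active set."""
    return tuple(revoke(who, P, CURRENT_ADMIN, {P}, rule) for who in ("alice", "bob"))
```

Under the issuer rule the departed administrator keeps revocation rights and the current one has none; under the context-dependent rule the result is reversed, which is the point of the model.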