OASIS eXtensible Access Control Markup Language (XACML) TC

 View Only

Re: [xacml] Comments on xacml-profile-hierarchical-resources draft

  • 1.  Re: [xacml] Comments on xacml-profile-hierarchical-resources draft

    Posted 07-14-2004 20:21
     MHonArc v2.5.0b2 -->
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    

    xacml message

    [Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


    Subject: Re: [xacml] Comments on xacml-profile-hierarchical-resources draft


    On 14 July, Bill Parducci writes: Re: [xacml] Comments on xacml-profile-hierarchical-resources draft
     > Anne Anderson wrote:
     > 
     >  > 2. An XML document treated as a single resource, but where
     >  >    constraints MAY depend on the values of specific nodes in the
     >  >    resource,
    
    A subject wants to view a given hospital patient record, which is
    an XML document file.  The policy is that subjects can view
    patient records only if they are in role "hospital administrator"
    or if their "subject-id" matches the <attending physician> or
    <patient name> values in the patient record.
    
    The system does not want to have to ask about each node in the
    record, because its policy is either to give access to the entire
    document or not at all.
    
    I think this is a realistic use case.
    
     >  > 3. A node subtree of an XML document treated as a single resource,
     >  >    again where constraints may depend on the values of specific
     >  >    nodes in the resource,
     > 
     > if someone has a use case for either of these i would be interested in 
     > seeing it.
    
    I do not know of a real use case here.  It would most likely
    occur if some system kept a large virtual XML document such as
    <HospitalRecords> containing a sequence of individual
    <PatientRecord> sub-documents (as in case 2 above).
    
    Anne
    -- 
    Anne H. Anderson             Email: Anne.Anderson@Sun.COM
    Sun Microsystems Laboratories
    1 Network Drive,UBUR02-311     Tel: 781/442-0928
    Burlington, MA 01803-0902 USA  Fax: 781/442-1692
    
    


    [Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]