MHonArc v2.5.0b2 -->
xacml message
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [List Home]
Subject: 10. Parameters for Combining Algorithms
This is an attempt to capture issues raised during the discussion
of this item for future reference. Note that the item has been
closed for 2.0 in favor of solving the problem using XACML
Extension Points (#11).
Proposal: http://lists.oasis-open.org/archives/xacml/200305/msg00014.html
1. Any new "paramters" element needs to be scoped so that it does
not become a "kitchen sink" (used for arbitrary data and
semantics that are difficult to control and reconcile with
future versions of standard XACML).
2. This changes the evaluation of combining algorithms: now
sub-policies or rules must be evaluated in order to see if
they contain parameters. Previously, the combining algorithm
did not depend on evaluation of sub-policies or rules.
3. If parameters were limited to use with Rule Combining
Algorithms, they would be easier to apply, since there are no
references to external rules and all the rule content is local
to the Policy document.
4. Would need to define how to deal with missing paramters or a
mismatch between parameters and the signature of the combining
algorithm.
5. If parameters are included in Policies, those Policies may be
referenced from multiple PolicySets, each with its own
combining algorithm. Not all of the combining algorithms may
expect the same parameters in the same order.
6. Parameters could be added via a new XACML schema extension.
Such an extension would not parse as valid XACML (since XACML
does not define schema extension points). This is not a
problem because only PDPs that had been modified to understand
the semantics of the new combining algorithms would be able to
handle the new policies anyway - when a PDP was modified to
handle the new combining algorithm, it could be modified to
handle the new schema.
7. The functionality of parameters used only for ordering or
precedence can be handled by using one of the "ordered" forms
of the standard combining algorithms and ordering the rules or
policies as desired when composing the policy document.
Anne
--
Anne H. Anderson Email: Anne.Anderson@Sun.COM
Sun Microsystems Laboratories
1 Network Drive,UBUR02-311 Tel: 781/442-0928
Burlington, MA 01803-0902 USA Fax: 781/442-1692
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [List Home]