MHonArc v2.5.0b2 -->
xacml message
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [List Home]
Subject: RE: [xacml] WI#9 Proposal: policies referring to hierarchical resources
>In the model I am trying to support, the policy writer does not
necessarily
>know the resource structure, and it is not necessarily static. The
policy
>writer knows that "any file in Anne's home directory subtree is
readable by
>Anne", but does not know all the files that might be in that subtree at
the
>time someone (maybe Anne) makes a request to read one of those files.
But in this example he needs to know that this files are in
"Anne_home_directory"
But what if the subresource is a shared component? For example you want
to write a rule that applies to "profile" directory (and all of it
content) in every users directory, not just in "Anne" - and you want the
user specific policy to propagate on it as well.
This is a very typical use case: dynamically deployed applications make
use of a common resource. This binding is dynamic - policy writer does
not know what applications will use a resource, or what resources an
application will use. You want a resource specific policy + application
specific policy to apply. If you use attribute-based resource
hierarchy, it is quite possible to do.
Daniel;
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [List Home]