OASIS eXtensible Access Control Markup Language (XACML) TC

  • 1.  Re: XACML Charter Scope

    Posted 05-25-2001 04:33
    
    
    I agree with Ernesto that XPath/XSLT is one of the proper standards for
    retrieving some parts of an XACML policy specification from a repository,
    while in our access control language for XML (XACL), we did not use
    XPath for extracting parts of the policy specification. We used a table
    representation that binds a target resource name to a relevant XML
    policy file. As Hal wrote, "it seems it would be useful to describe
    how they would be contained in or bound to the document to which
    they refer." I think it would be useful to create use cases of how
    an XACML policy is contained in the target document (it seems to be an
    annotation to the target document, say "embedded policy"). Another
    case is the one just mentioned above, that is, "detached policy".
    
    regards,
    Michiharu Kudo
    Internet Technology              TEL +81-46-215-4642
    Tokyo Research Laboratory    FAX +81-46-273-7428
    IBM Japan Ltd.                      Internet: kudo@jp.ibm.com
    
    
    From: ernesto damiani <edamiani@crema.unimi.it> on 2001/05/24 19:09
    
    Please respond to ernesto damiani <edamiani@crema.unimi.it>
    
    To:   "Simon Y. Blackwell" <sblackwell@psoom.com>,
          xacml@lists.oasis-open.org
    cc:
    Subject:  Re: XACML Charter Scope
    
    
    
    I agree, especially when you say that we do not need to reinvent the
    wheel..
    Having worked a lot on XML query languages in the last couple of years (I
    even was at the first W3C workshop on this subject ;-), interested people
    may take a look at http://xerox.elet.polimi.it) my personal opinion is that
    XQuery gives you a lot of expressive power.. and, at least for now, lots
    of trouble we do not need.
    There is a standard, robust, well-understood mechanism to refer to portions
    of XML data, and it is XPath (BTW, as you know most of the academic
    proposals towards access control languages for XML, including our own,
    exploit this mechanism for identifying objects).
    XSLT is based on XPath, and it seems very reasonable for XSLT/XPath to be
    used to extract and process parts of an XACML policies' repository.
    Needless to say I do NOT think we should get involved with any lower level
    issue such as serialization etc.: our XACML info may travel inside an HTTP
    packet, be stored on disk as an XML text file or serialized using any other
    mechanism.
    Comments welcome...
    
    ernesto