OASIS eXtensible Access Control Markup Language (XACML) TC

  • 1.  PAP Architecture - Cohort requirements - TTL

    Posted 07-12-2012 17:45
    Bill, as discussed I updated the requirements on the Wiki to add your TTL requirement as a more general "validity" requirement, expressed as

    Validity: a policy cohort may be only valid between a start date/time and an end date/time (either boundary can be omitted)

    Would it work?

    Thanks,
    Jean-Paul

    https://wiki.oasis-open.org/xacml/Policy%20Administration%20Point%20Architecture


  • 2.  RE: PAP Architecture - Cohort requirements - TTL

    Posted 07-12-2012 17:54
    Ray, I just noticed that there is an open issue listed on the Wiki:

    "PDP Cohort Schedule end time - Do we need it? Ray: I don't think we need it"

    To this question, I would like to suggest that leaving a general "Validity" requirement, with either end (start or stop) optional, covers the 3 possible cases, all of which make business sense. Example: regulatory policies can have a start date and no end date, policies related to contracts can have start and end dates, and some other policies have neither.

    Would you agree with this, and if so maybe we should change the resolution of this open issue?

    Thanks,
    Jean-Paul


  • 3.  RE: PAP Architecture - Cohort requirements - TTL

    Posted 07-12-2012 21:08
    Jean-Paul, >


  • 4.  Re: PAP Architecture - Cohort requirements - TTL

    Posted 07-12-2012 19:05
    Yes. The additional precision of the time validity of the relationships is a nice refinement.

    Thanks

    b

    On Jul 12, 2012, at 10:44 AM, Jean-Paul Buu-Sao <jean-paul.buu-sao@tscp.org> wrote:

    > Bill, as discussed I updated the requirements on the Wiki to add your TTL requirement as a more general "validity" requirement, expressed as
    >
    > Validity: a policy cohort may be only valid between a start date/time and an end date/time (either boundary can be omitted)
    >
    > Would it work?
    > Thanks,
    > Jean-Paul
    >
    > https://wiki.oasis-open.org/xacml/Policy%20Administration%20Point%20Architecture


  • 5.  Re: [xacml] Re: PAP Architecture - Cohort requirements - TTL

    Posted 07-12-2012 21:02
    Wouldn't we want to express this with XACML attributes? Or is it seen as a separate concern that we do not want to mix with access attributes? Could a digital signature or SAML assertion wrapping the XACML policy contain that information?

    On Thu, Jul 12, 2012 at 9:04 PM, Bill Parducci <bill@parducci.net> wrote:

    > Yes. The additional precision of the time validity of the relationships is a nice refinement.
    >
    > Thanks
    >
    > b
    >
    > On Jul 12, 2012, at 10:44 AM, Jean-Paul Buu-Sao <jean-paul.buu-sao@tscp.org> wrote:
    >
    > > Bill, as discussed I updated the requirements on the Wiki to add your TTL requirement as a more general "validity" requirement, expressed as
    > >
    > > Validity: a policy cohort may be only valid between a start date/time and an end date/time (either boundary can be omitted)
    > >
    > > Would it work?
    > > Thanks,
    > > Jean-Paul
    > >
    > > https://wiki.oasis-open.org/xacml/Policy%20Administration%20Point%20Architecture