Having thought over the XACML issue, and the connected areas, mixed with my
experience in consulting for implementation of "Profile Based User Rights
Adminstration Systems", as well as being practical, I jump to some issues:
1. How will XACML information be provided ?
- Initially (LDAP ?) and for later use (Kerberos tickets ?)
2. If XACML is added as a header to the XML document it is meant to protect,
this will only work with XACML aware software. E.g Notepad or VI will just
read the text document, and reveal all of it to the reader.
3. This one is ouch, and I hope that we all will say NO: Should XACML be
coupled together with encryption of document content ?
JJ