OASIS eXtensible Access Control Markup Language (XACML) TC

[xacml] XACML Extensibility Points and J2SE requirements

    Posted 08-14-2002 15:04
    [Disclaimer: none of the following represents a commitment by Sun or by the Java Community to implement XACML or, if implemented, to implement it in ways suggested below. This is an individual contribution from Anne Anderson, attempting to ensure that the Java Community would be able to implement XACML for use with Java applications should a group desire to do so.]

    In response to my action item from the Face-to-Face, I have reviewed the "XACML extensibility points (non-normative)" section of v0.15.doc to see if changes or additions are required to meet J2SE requirements.

    The current section needs to be re-written to fit the current schema, but there are no specific changes required for J2SE. The current XACML schema and model are sufficient to implement J2SE requirements.

    Important extensibility points (that currently exist) from the J2SE point of view are:

    FunctionId: since type is a QName, it is possible for a PDP to support additional non-normative functions that might be required to implement J2SE Permission "implies" semantics.

    AttributeId: since type is xs:anyURI, it is possible for a PDP to support additional non-normative attribute types. Such additional attribute types will be required by any application domain such as J2SE to support attributes specific to its context.

    DataType: since type is xs:anyURI, it is possible for a PDP to support additional non-normative data types. Such additional data types may be required by any application domain such as J2SE to support data specific to its context.

    Multiple subjects: since multiple subjects are supported in an XACML context, it is possible to associate different sets of attributes with each subject. Included among the attribute identifiers for a context Subject is "urn:oasis:names:tc:xacml:1.0:subject:subject-category", with values of "urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" and "urn:oasis:names:tc:xacml:1.0:subject-category:codebase". These values support the current J2SE subject types, and allow for any future types that may be added.

    Anne Anderson
    --
    Anne H. Anderson                 Email: Anne.Anderson@Sun.COM
    Sun Microsystems Laboratories
    1 Network Drive, UBUR02-311      Tel: 781/442-0928
    Burlington, MA 01803-0902 USA    Fax: 781/442-1692
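The FunctionId and multiple-subject extensibility points described in the message above, as an added Java sketch that is not part of the original post or of any XACML implementation. The function QName, the `urn:example:` attribute identifiers, the file paths and the rule that every subject in the context must hold a covering grant are assumptions made for illustration; the subject-category URIs are the ones quoted in the message.

```java
import java.io.FilePermission;
import java.security.Permission;
import java.util.*;
import java.util.function.BiPredicate;
import javax.xml.namespace.QName;

public class XacmlExtensionSketch {
    // Identifiers quoted in the message above.
    static final String CATEGORY_ATTR = "urn:oasis:names:tc:xacml:1.0:subject:subject-category";
    static final String ACCESS_SUBJECT = "urn:oasis:names:tc:xacml:1.0:subject-category:access-subject";
    static final String CODEBASE = "urn:oasis:names:tc:xacml:1.0:subject-category:codebase";
    // Hypothetical non-normative FunctionId; namespace and local name are invented for this sketch.
    static final QName PERMISSION_IMPLIES = new QName("urn:example:xacml:function", "permission-implies");

    // PDP function table keyed by QName: supporting an extension function means adding an entry.
    static final Map<QName, BiPredicate<Permission, Permission>> FUNCTIONS = new HashMap<>();
    static {
        // Delegate to the real J2SE semantics: granted.implies(requested).
        FUNCTIONS.put(PERMISSION_IMPLIES, Permission::implies);
    }

    // Assumed combining rule: permit only if every subject in the context has,
    // under its subject-category, a grant that implies the requested permission.
    static boolean permit(List<Map<String, String>> subjects,
                          Map<String, List<Permission>> grantsByCategory,
                          Permission requested) {
        BiPredicate<Permission, Permission> implies = FUNCTIONS.get(PERMISSION_IMPLIES);
        for (Map<String, String> subject : subjects) {
            List<Permission> grants = grantsByCategory.getOrDefault(
                    subject.get(CATEGORY_ATTR), Collections.emptyList());
            if (grants.stream().noneMatch(g -> implies.test(g, requested))) {
                return false; // this subject has no covering grant
            }
        }
        return !subjects.isEmpty(); // an empty context is denied
    }

    public static void main(String[] args) {
        // Constructed context: one access-subject and one codebase, each with its own attributes.
        List<Map<String, String>> subjects = List.of(
                Map.of(CATEGORY_ATTR, ACCESS_SUBJECT, "urn:example:attr:user", "alice"),
                Map.of(CATEGORY_ATTR, CODEBASE, "urn:example:attr:location", "file:/opt/app/app.jar"));
        // Constructed grants per subject category.
        Map<String, List<Permission>> grants = Map.of(
                ACCESS_SUBJECT, List.<Permission>of(new FilePermission("/data/-", "read,write")),
                CODEBASE, List.<Permission>of(new FilePermission("/data/reports/*", "read")));
        // Request 1: read on a report file. Request 2: write on the same file (codebase grant is read-only).
        System.out.println(permit(subjects, grants, new FilePermission("/data/reports/q1.txt", "read")));
        System.out.println(permit(subjects, grants, new FilePermission("/data/reports/q1.txt", "write")));
    }
}
```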