OASIS eXtensible Access Control Markup Language (XACML) TC

 View Only

[xacml] Problem Statement for "Fully specify hierarchical resources". Forwarded message from Anne Anderson.

  • 1.  [xacml] Problem Statement for "Fully specify hierarchical resources". Forwarded message from Anne Anderson.

    Posted 03-20-2003 16:17
    [Reposting, since original no longer in archives after the
    mailing list updates -Anne]
    
    ------- start of forwarded message -------
    From: Anne Anderson <Anne.Anderson@Sun.COM>
    To: XACML TC <xacml@lists.oasis-open.org>
    Subject: [xacml] Problem Statement for "Fully specify hierarchical resources"
    Date: Tue, 11 Mar 2003 13:27:42 -0500
    
    This is a concrete problem statement for the XACML 1.1 work item
    titled "Fully specify hierarchical resources".
    
    While the spec makes it clear how hierarchical resources are
    supposed to be handled in the abstract, there are no concrete
    rules for how to handle particular types of resource hierarchies
    (eg filesystems, XML documents, LDAP services, etc).  Because of
    this, it is not possible to provide implementations of XACML that
    can properly handle resource hierarchies in an interoperable and
    predictable way.
    
    In order for there to be good interoperability here, there needs
    to be standard language describing how to handle some of the more
    common kinds of hierachies, and it needs to cover the tricky
    cases like what happens when a parent node can't resolve some
    descendant nodes, etc.
    
    There also needs to be a way to identify which kind of hierarchy
    a particular resource in a policy follows.  This may be implicit
    for some types of resources (e.g. .xml documents?), but not for
    others (e.g. filesystems that are not UNIX-like).  Such an
    identifier would allow an implementation to invoke the hierarchy
    manager appropriate for the hierarchy type, or to report that it
    is unable to interpret the specified hierarchy type.
    
    Submitted by Anne Anderson and Seth Proctor.
    
    Anne Anderson
    -- 
    Anne H. Anderson             Email: Anne.Anderson@Sun.COM
    Sun Microsystems Laboratories
    1 Network Drive,UBUR02-311     Tel: 781/442-0928
    Burlington, MA 01803-0902 USA  Fax: 781/442-1692
    
    
    ----------------------------------------------------------------
    To subscribe or unsubscribe from this elist use the subscription
    manager: <http://lists.oasis-open.org/ob/adm.pl>
    
    ------- end of forwarded message -------
    
    -- 
    Anne H. Anderson             Email: Anne.Anderson@Sun.COM
    Sun Microsystems Laboratories
    1 Network Drive,UBUR02-311     Tel: 781/442-0928
    Burlington, MA 01803-0902 USA  Fax: 781/442-1692