OASIS eXtensible Access Control Markup Language (XACML) TC


[xacml] Re: Observation on J2SE context proposal

    Posted 06-06-2002 09:46

    Subject: [xacml] Re: Observation on J2SE context proposal


    
    OK. I agree that <NameIdentifier> should be a special element for
    <Principal>.
    So it would be nice if the XACML Context reflected that notion.
    
    Michiharu
    
    IBM Tokyo Research Laboratory, Internet Technology
    Tel. +81 (46) 215-4642   Fax +81 (46) 273-7428
    
    
    
    
                                                                                                                     
    From:     Anne Anderson <Anne.Anderson@Sun.com>
    Date:     2002/06/06 05:35
    To:       Michiharu Kudoh/Japan/IBM@IBMJP
    cc:       XACML TC <xacml@lists.oasis-open.org>
    Subject:  Re: Observation on J2SE context proposal
    Please respond to Anne.Anderson
    
    
    
    On 3 June, Michiharu Kudoh writes: Observation on J2SE context proposal
     > I would suggest more aggressive
     > generalization like we don't even distinguish the name identifier from
     > other attributes. For example, a current context fragment of
     > j2se:RequestingUser is:
     >
     > <xacml:SimplePrincipal PrincipalType="j2se:RequestingUser">
     >   <xacml:NameIdentifier Format="itu:X500DistinguishedName">
     >     "cn=Anne,ou=SunLabs,o=Sun,c=US"
     >   </xacml:NameIdentifier>
     > </xacml:SimplePrincipal>
     >
     > It is transformed to:
     >
     > <xacml:SimplePrincipal PrincipalType="j2se:RequestingUser">
     >   <xacml:Attribute AttributeName="NameIdentifier" Format="itu:X500DistinguishedName">
     >     "Zoe@Sun.COM"
     >   </xacml:Attribute>
     > </xacml:SimplePrincipal>
     >
     > Now, the name identifier becomes a usual attribute.
    
    I think the NameIdentifier needs to be a special attribute
    because each Principal must have exactly one.  Other attributes
    are all optional, and multiple instances do not cause problems.
    
    The NameIdentifier could become an xml attribute of the Principal
    element, but we would then have to deal with Format, ds:KeyInfo,
    etc.
    
    Anne
    --
    Anne H. Anderson             Email: Anne.Anderson@Sun.COM
    Sun Microsystems Laboratories
    1 Network Drive,UBUR02-311     Tel: 781/442-0928
    Burlington, MA 01803-0902 USA  Fax: 781/442-1692
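
The cardinality rule argued above (exactly one NameIdentifier per Principal, other attributes optional and repeatable), checked against both encodings quoted in the thread. This is an added example, not code from the thread or from the XACML TC; the namespace URI, the `Role` attribute and the sample documents are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Assumption: placeholder namespace URI; the thread shows only the "xacml:" prefix.
NS = "urn:example:xacml-context"
Q = "{%s}" % NS  # ElementTree's qualified-name prefix

def value(elem):
    # The thread's fragments wrap values in double quotes; strip them.
    return (elem.get("Format"), (elem.text or "").strip().strip('"'))

def name_identifiers(principal):
    """Collect name identifiers from both encodings discussed in the thread."""
    ids = [value(e) for e in principal.findall(Q + "NameIdentifier")]
    # Generic encoding: the identity is recognisable only by its AttributeName value.
    ids += [value(e) for e in principal.findall(Q + "Attribute")
            if e.get("AttributeName") == "NameIdentifier"]
    return ids

def check_principal(xml_text):
    """Reject a principal that does not carry exactly one name identifier."""
    principal = ET.fromstring(xml_text)
    if principal.tag != Q + "SimplePrincipal":
        raise ValueError("not a SimplePrincipal")
    ids = name_identifiers(principal)
    if len(ids) != 1:
        raise ValueError(f"expected exactly one NameIdentifier, found {len(ids)}")
    return ids[0]

def wrap(body):
    return (f'<xacml:SimplePrincipal xmlns:xacml="{NS}" '
            f'PrincipalType="j2se:RequestingUser">{body}</xacml:SimplePrincipal>')

# Constructed samples modelled on the fragments quoted in the thread.
DN = ('<xacml:NameIdentifier Format="itu:X500DistinguishedName">'
      '"cn=Anne,ou=SunLabs,o=Sun,c=US"</xacml:NameIdentifier>')
ATTR = ('<xacml:Attribute AttributeName="NameIdentifier" '
        'Format="itu:X500DistinguishedName">"Zoe@Sun.COM"</xacml:Attribute>')
ROLE = '<xacml:Attribute AttributeName="Role">"admin"</xacml:Attribute>'  # hypothetical

ELEMENT_FORM = wrap(DN + ROLE + ROLE)   # repeated optional attributes are accepted
ATTRIBUTE_FORM = wrap(ATTR + ROLE)
TWO_IDS = wrap(DN + ATTR)               # two identities for one subject: rejected
NO_ID = wrap(ROLE)                      # no identity at all: rejected

if __name__ == "__main__":
    for doc in (ELEMENT_FORM, ATTRIBUTE_FORM, TWO_IDS, NO_ID):
        try:
            print(check_principal(doc))
        except ValueError as err:
            print("rejected:", err)
```

With the dedicated element the rule is a plain child count; with the generic attribute form it depends on comparing `AttributeName` values, so the consumer has to enforce it.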
    
    
    
    
    
    

