OASIS eXtensible Access Control Markup Language (XACML) TC

On the last call, I said that it was too soon to start working on 4.0.  I am holding to that, but have a suggested change for the definition for “target” when the time is right.   3.0-- Target The set of decision requests , identified by definitions for resource , subject and action that a rule , policy, or policy set is intended to evaluate   Proposed-- Target The set of decision requests , identified by definitions for resource , subject and action that a PDP is intended to evaluate according to the applicable rule , policy, or policy set   Thoughts?  

Sounds reasonable.  Keep the rules/policies as passive documents and attribute action to the PDP.   Danny Thorpe Authorization Architect Dell Identity & Access Management, Quest Software   Quest Software is now part of Dell.   From: xacml@lists.oasis-open.org [mailto:xacml@lists.oasis-open.org] On Behalf Of Tolbert, John W Sent: Tuesday, August 06, 2013 10:48 AM To: xacml@lists.oasis-open.org Subject: [xacml] Target definition   On the last call, I said that it was too soon to start working on 4.0.  I am holding to that, but have a suggested change for the definition for “target” when the time is right.   3.0-- Target The set of decision requests , identified by definitions for resource , subject and action that a rule , policy, or policy set is intended to evaluate   Proposed-- Target The set of decision requests , identified by definitions for resource , subject and action that a PDP is intended to evaluate according to the applicable rule , policy, or policy set   Thoughts?  

The definition you gave, John, is very "XACML 2.0"-like. I can see that it's also the definition in the XACML 3.0 document. We should broaden it to include environment attributes and attributes of custom categories. Thoughts? On Tue, Aug 6, 2013 at 7:53 PM, Danny Thorpe < Danny.Thorpe@software.dell.com > wrote: Sounds reasonable.  Keep the rules/policies as passive documents and attribute action to the PDP.   Danny Thorpe Authorization Architect Dell Identity & Access Management, Quest Software   Quest Software is now part of Dell.   From: xacml@lists.oasis-open.org [mailto: xacml@lists.oasis-open.org ] On Behalf Of Tolbert, John W Sent: Tuesday, August 06, 2013 10:48 AM To: xacml@lists.oasis-open.org Subject: [xacml] Target definition   On the last call, I said that it was too soon to start working on 4.0.  I am holding to that, but have a suggested change for the definition for “target” when the time is right.   3.0-- Target The set of decision requests , identified by definitions for resource , subject and action that a rule , policy, or policy set is intended to evaluate   Proposed-- Target The set of decision requests , identified by definitions for resource , subject and action that a PDP is intended to evaluate according to the applicable rule , policy, or policy set   Thoughts?   -- David Brossard, M.Eng, SCEA, CSTP Product Manager +46(0)760 25 85 75 Axiomatics AB Skeppsbron 40 S-111 30 Stockholm, Sweden http://www.linkedin.com/companies/536082 http://www.axiomatics.com http://twitter.com/axiomatics

The set of decision requests , identified by definitions for resource , subject, environment, action, or other custom attributes that a PDP is intended to evaluate according to the applicable rule , policy, or policy set Better?    From: David Brossard [mailto:david.brossard@axiomatics.com] Sent: Tuesday, August 06, 2013 11:33 AM To: Danny Thorpe Cc: Tolbert, John W; xacml@lists.oasis-open.org Subject: Re: [xacml] RE: Target definition   The definition you gave, John, is very "XACML 2.0"-like. I can see that it's also the definition in the XACML 3.0 document. We should broaden it to include environment attributes and attributes of custom categories.   Thoughts?   On Tue, Aug 6, 2013 at 7:53 PM, Danny Thorpe < Danny.Thorpe@software.dell.com > wrote: Sounds reasonable.  Keep the rules/policies as passive documents and attribute action to the PDP.   Danny Thorpe Authorization Architect Dell Identity & Access Management, Quest Software   Quest Software is now part of Dell.   From: xacml@lists.oasis-open.org [mailto: xacml@lists.oasis-open.org ] On Behalf Of Tolbert, John W Sent: Tuesday, August 06, 2013 10:48 AM To: xacml@lists.oasis-open.org Subject: [xacml] Target definition   On the last call, I said that it was too soon to start working on 4.0.  I am holding to that, but have a suggested change for the definition for “target” when the time is right.   3.0-- Target The set of decision requests , identified by definitions for resource , subject and action that a rule , policy, or policy set is intended to evaluate   Proposed-- Target The set of decision requests , identified by definitions for resource , subject and action that a PDP is intended to evaluate according to the applicable rule , policy, or policy set   Thoughts?     -- David Brossard, M.Eng, SCEA, CSTP Product Manager +46(0)760 25 85 75 Axiomatics AB Skeppsbron 40 S-111 30 Stockholm, Sweden http://www.linkedin.com/companies/536082 http://www.axiomatics.com http://twitter.com/axiomatics

Yes, thanks! On Tue, Aug 6, 2013 at 8:35 PM, Tolbert, John W < john.w.tolbert@boeing.com > wrote: The set of decision requests , identified by definitions for resource , subject, environment, action, or other custom attributes that a PDP is intended to evaluate according to the applicable rule , policy, or policy set Better?    From: David Brossard [mailto: david.brossard@axiomatics.com ] Sent: Tuesday, August 06, 2013 11:33 AM To: Danny Thorpe Cc: Tolbert, John W; xacml@lists.oasis-open.org Subject: Re: [xacml] RE: Target definition   The definition you gave, John, is very "XACML 2.0"-like. I can see that it's also the definition in the XACML 3.0 document. We should broaden it to include environment attributes and attributes of custom categories.   Thoughts?   On Tue, Aug 6, 2013 at 7:53 PM, Danny Thorpe < Danny.Thorpe@software.dell.com > wrote: Sounds reasonable.  Keep the rules/policies as passive documents and attribute action to the PDP.   Danny Thorpe Authorization Architect Dell Identity & Access Management, Quest Software   Quest Software is now part of Dell.   From: xacml@lists.oasis-open.org [mailto: xacml@lists.oasis-open.org ] On Behalf Of Tolbert, John W Sent: Tuesday, August 06, 2013 10:48 AM To: xacml@lists.oasis-open.org Subject: [xacml] Target definition   On the last call, I said that it was too soon to start working on 4.0.  I am holding to that, but have a suggested change for the definition for “target” when the time is right.   3.0-- Target The set of decision requests , identified by definitions for resource , subject and action that a rule , policy, or policy set is intended to evaluate   Proposed-- Target The set of decision requests , identified by definitions for resource , subject and action that a PDP is intended to evaluate according to the applicable rule , policy, or policy set   Thoughts?     -- David Brossard, M.Eng, SCEA, CSTP Product Manager +46(0)760 25 85 75 Axiomatics AB Skeppsbron 40 S-111 30 Stockholm, Sweden http://www.linkedin.com/companies/536082 http://www.axiomatics.com http://twitter.com/axiomatics -- David Brossard, M.Eng, SCEA, CSTP Product Manager +46(0)760 25 85 75 Axiomatics AB Skeppsbron 40 S-111 30 Stockholm, Sweden http://www.linkedin.com/companies/536082 http://www.axiomatics.com http://twitter.com/axiomatics