OASIS eXtensible Access Control Markup Language (XACML) TC

Re: [xacml] [policy model]: Object semantics proposal

  • 1.  Re: [xacml] [policy model]: Object semantics proposal

    Posted 10-26-2001 06:44
    in addressing the topic of section 2.2 (Object Hierarchy With Wild Card
    Notation) i would like to propose that we consider regex expressions
    instead of simple wildcards. this will allow for much more robust
    decision request attributes. to put it in context with michaharu's
    example...
    
    in a system where you have the follwing:
    
    c:/winnt/system32
    c:/winnt2/system32
    c:/winnt3/system32
    c:/winnt4/system32
    c:/winnt5/system32
    c:/winnt[n]/system32
    
    and you wanted access to only:
    
    c:/winnt3/system32
    c:/winnt4/system32
    c:/winnt5/system32
    
    you could express this as
    path="c:/winnt[345]/system32"
    
    rather than list each individually (as would be necessary with just "*"
    notations).
    
    
    
    b
    
    Michiharu Kudoh wrote:
    > 
    > I post a proposal of object semantics.
    > It is similar to the one I posted last week.
    > 
    > (See attached file: XACMLObjectSemantics.pdf)
    > 
    > regards,
    > Michiharu Kudo
    > Internet Technology              TEL +81-46-215-4642
    > Tokyo Research Laboratory    FAX +81-46-273-7428
    > IBM Japan Ltd.                      Internet: kudo@jp.ibm.com
    > ---------------------- Forwarded by Michiharu Kudoh/Japan/IBM on 2001/10/22
    > 20:28 ---------------------------
    > 
    > From: Michiharu Kudoh on 2001/10/15 20:03
    > 
    > To:   "'xacml@lists.oasis-open.org'" <xacml@lists.oasis-open.org>@internet
    > cc:
    > 
    > From: Michiharu Kudoh/Japan/IBM@IBMJP
    > Subject:  [xacml] [policy model]: Subject semantics proposal
    > 
    > I post a proposal of subject semantics.
    > 
    > >Action Items:
    > >2. Submit subject semantics proposals.
    > 
    > regards,
    > Michiharu Kudo
    > Internet Technology              TEL +81-46-215-4642
    > Tokyo Research Laboratory    FAX +81-46-273-7428
    > IBM Japan Ltd.                      Internet: kudo@jp.ibm.com
    > *******Attachment(s) have been removed*******
    > 
    >   ------------------------------------------------------------------------
    >                                       Name: XACMLObjectSemantics.pdf
    >    XACMLObjectSemantics.pdf           Type: Portable Document Format (application/pdf)
    >                                   Encoding: BASE64
    >                            Download Status: Not downloaded with message