in addressing the topic of section 2.2 (Object Hierarchy With Wild Card
Notation) i would like to propose that we consider regex expressions
instead of simple wildcards. this will allow for much more robust
decision request attributes. to put it in context with michaharu's
example...
in a system where you have the follwing:
c:/winnt/system32
c:/winnt2/system32
c:/winnt3/system32
c:/winnt4/system32
c:/winnt5/system32
c:/winnt[n]/system32
and you wanted access to only:
c:/winnt3/system32
c:/winnt4/system32
c:/winnt5/system32
you could express this as
path="c:/winnt[345]/system32"
rather than list each individually (as would be necessary with just "*"
notations).
b
Michiharu Kudoh wrote:
>
> I post a proposal of object semantics.
> It is similar to the one I posted last week.
>
> (See attached file: XACMLObjectSemantics.pdf)
>
> regards,
> Michiharu Kudo
> Internet Technology TEL +81-46-215-4642
> Tokyo Research Laboratory FAX +81-46-273-7428
> IBM Japan Ltd. Internet: kudo@jp.ibm.com
> ---------------------- Forwarded by Michiharu Kudoh/Japan/IBM on 2001/10/22
> 20:28 ---------------------------
>
> From: Michiharu Kudoh on 2001/10/15 20:03
>
> To: "'xacml@lists.oasis-open.org'" <xacml@lists.oasis-open.org>@internet
> cc:
>
> From: Michiharu Kudoh/Japan/IBM@IBMJP
> Subject: [xacml] [policy model]: Subject semantics proposal
>
> I post a proposal of subject semantics.
>
> >Action Items:
> >2. Submit subject semantics proposals.
>
> regards,
> Michiharu Kudo
> Internet Technology TEL +81-46-215-4642
> Tokyo Research Laboratory FAX +81-46-273-7428
> IBM Japan Ltd. Internet: kudo@jp.ibm.com
> *******Attachment(s) have been removed*******
>
> ------------------------------------------------------------------------
> Name: XACMLObjectSemantics.pdf
> XACMLObjectSemantics.pdf Type: Portable Document Format (application/pdf)
> Encoding: BASE64
> Download Status: Not downloaded with message