OASIS eXtensible Access Control Markup Language (XACML) TC

  • 1.  Re: [xacml] subjects

    Posted 11-05-2002 14:33
    On 4 November, Polar Humenn writes: Re: [xacml] subjects > I think a better more workable solution would be to make the subjects > (i.e. lists of attributes) unique to the category, and use the present > SubjectAttributeDesignator (with the SubjectCategory part) and get rid of > the SubjectAttributeDesignatorWhere. That's simple and I think everybody > can get their brains wrapped around that. I can live with this. What we lose is the ability to associate attribute values with the identities and authentication methods under which those attributes were issued. We can continue to try to improve this for 1.1 or 2.0. I really think we are going to need some serious thought to solve the problems raised by SADWhere, and I would rather have a good solution than a complex, understudied, possibly unworkable one. Anne -- Anne H. Anderson Email: Anne.Anderson@Sun.COM Sun Microsystems Laboratories 1 Network Drive,UBUR02-311 Tel: 781/442-0928 Burlington, MA 01803-0902 USA Fax: 781/442-1692