OASIS eXtensible Access Control Markup Language (XACML) TC

  • 1.  Delegation draft 14 uploaded

    Posted 10-05-2006 10:16
    All,
    
    I have now updated the delegation draft to use attribute categories as
    in Daniel's proposal.
    
    http://www.oasis-open.org/apps/org/workgroup/xacml/download.php/20587/xacml-3.0-administration-v1-wd-14.zip
    
    There are lots of changes this time. Issues 49-52 in the issues list
    provide a summary of the approach I have used.
    
    http://wiki.oasis-open.org/xacml/IssuesList
    
    I renamed the 


  • 2.  RE: [xacml] Delegation draft 14 uploaded

    Posted 10-05-2006 19:26
    >I created a section in the document listing the attribute categories
    >that are used by the delegation features. I called the section
    >"Reserved Attribute Categories" and put Delegate, IndirectDelegate,
    >DelegationInfo and Delegated* there. Should we worry about collisions
    >between category names defined by us and users? If so, how do we handle
    >it? A convention similar to the C-language underscore?
    
    I think following the URN naming convention that we have everywhere
    should be sufficient to prevent collisions. I think that if some user
    names his attribute category starting with urn:oasis:names:tc:xacml: -
    they deserve to have a collision issue.
    
    >We were just going to remove subject categories, right? So, in the
    >"access permitted" feature, I removed all references to them.
    We are not removing subject categories. They are all the same - just
    mentioned in a different attribute in the designator.
    Daniel;
    
    


  • 3.  Re: [xacml] Delegation draft 14 uploaded

    Posted 10-06-2006 06:02
    Daniel Engovatov wrote:
    
    >>I created a section in the document listing the attribute categories
    >>that are used by the delegation features. I called the section
    >>"Reserved Attribute Categories" and put Delegate, IndirectDelegate,
    >>DelegationInfo and Delegated* there. Should we worry about collisions
    >>between category names defined by us and users? If so, how do we handle
    >>it? A convention similar to the C-language underscore?
    >
    >I think following the URN naming convention that we have everywhere
    >should be sufficient to prevent collisions. I think that if some user
    >names his attribute category starting with urn:oasis:names:tc:xacml: -
    >they deserve to have a collision issue.
    
    Yes, this makes sense. This means I must stop using categories such as
    "Subject" and start using
    "urn:oasis:names:tc:xacml:attribute:category:subject". I'll correct that
    for the next draft.
    
    >>We were just going to remove subject categories, right? So, in the
    >>"access permitted" feature, I removed all references to them.
    >
    >We are not removing subject categories. They are all the same - just
    >mentioned in a different attribute in the designator.
    >Daniel;
    
    Yes, that was what I meant by "remove". :-) There is no longer a
    special XML attribute for them. Just to make sure we agree, this is what
    I think we agreed on:
    
    XACML 2.0:
    
    
    
    XACML 3.0:
    
    
    
    In other words, we just make the attribute category be the subject
    category, and the old "Subject" from XACML 2.0 is translated into
    the access subject category in XACML 3.0. Correct me if I am mistaken.
    
    Regards, Erik