OASIS eXtensible Access Control Markup Language (XACML) TC

[xacml] A proposal for Context

  • 1.  [xacml] A proposal for Context

    Posted 05-06-2002 10:54
     MHonArc v2.5.2 -->
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    

    xacml message

    [Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


    Subject: [xacml] A proposal for Context


    
    I have a small proposal on Simon's context.
    
    1. We do not call the "subject" of the AuthorizationQuery the "Requestor".
    
    The "subject" of the authorization query is merely the subject, it is
    not really requesting anything. I don't hold really hold to the idea
    that the subject always "requesting access".
    
    I'd rather see the subject of the request be a structured principal, at
    first, just one level, but later be able to be extended for more complex
    principals.
    
    <x:Principal>
    	<x:NameIdentifier>....</x:NameIdentifier>
    </xPrincipal>
    
    <x:SimplePrincipal>
    	<x:NameIdentifier>....</x:NameIdentifier>
    	<x:AlternateNames>
    	   <x:NameIdentifier>...<x:NameIdentifer>
    	</x:AlternateNames>
    </x:SimplePrincipal>
    
    
    and later on extend Principal to be Complex Principal, such as
    
    <x:ForPrincipal>
       <x:Speaking>
          <x:SimplePrincipal>....</x:SimplePrinipal>
       </x:Speacking>
       <x:SpeakingFor>
          <x:SimplePrincipal>....</x:SimplePrinipal>
       </x:SpeackingFor>
    </x:ForPrincipal>
    
    Cheers,
    -Polar
    
    


    [Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


    Powered by eList eXpress LLC