OASIS eXtensible Access Control Markup Language (XACML) TC

[xacml] [Model] Re: Composition Use Case

    Posted 12-17-2001 13:39
    
    On 17 December, bill parducci writes: Re: [xacml] [Model] Composition Use Case
     > /*
     > 1. Ability to describe Matching Rules for attributes (for
     >     example, does "A@EnergyInfoAdmin.doe.gov" match "*.doe.gov").
     > */
     > 
     > this is really the key requirement in my example: pattern matching. the 
     > only difference here from what i tossed out was that my 'case' used this 
     > against payload (content) as well as requester information. since i 
     > believe that payload is just another field i think that the generalized 
     > requirement for pattern matching meets the requirement. as pointed out 
     > earlier by a couple of people, i believe that regular expressions should 
     > be used as the basis for patterning.
    
    Matching of X500 Distinguished Names cannot be handled via
    regular expressions (case, ordering of attribute-value
    assertions, handling of spaces, etc.).  URLs cannot be handled
    via regular expressions (places where case matters versus where
    it does not).  Attributes that are themselves complex types (such
    as certain X509 Attribute Certificate attributes) cannot be
    handled via regular expressions.
    
    I don't think the language syntax itself can handle the matching
    rules for real-world sets of attributes.  I think the language
    must have a way of pointing to executables for handling the
    matching.
    
    Anne
    -- 
    Anne H. Anderson             Email: Anne.Anderson@Sun.COM
    Sun Microsystems Laboratories
    1 Network Drive,UBUR02-311     Tel: 781/442-0928
    Burlington, MA 01803-0902 USA  Fax: 781/442-1692
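
The Distinguished Name point in the message above, as an added example that is not part of the original e-mail: a small Python matcher that compares DNs structurally, beside a literal regular-expression comparison of the same strings. It assumes every attribute uses case-insensitive matching and that values contain no escaped separators or hex-encoded forms; the function names and sample DNs are constructed for illustration.

```python
import re

# Assumptions: all attribute types use caseIgnoreMatch-style comparison;
# escaped separators (\, \+ \=) and hex-encoded (#...) values are not handled.

def _norm_value(value: str) -> str:
    # Trim, collapse runs of inner whitespace, fold case
    return " ".join(value.split()).casefold()

def parse_dn(dn: str):
    """Return a DN as a tuple of RDNs; each RDN is a frozenset of (type, value)."""
    rdns = []
    for rdn in dn.split(","):
        avas = set()
        for ava in rdn.split("+"):
            if "=" not in ava:
                raise ValueError(f"malformed AVA: {ava!r}")
            typ, val = ava.split("=", 1)
            avas.add((typ.strip().lower(), _norm_value(val)))
        rdns.append(frozenset(avas))
    return tuple(rdns)

def dn_equal(a: str, b: str) -> bool:
    # RDN sequence order is significant; AVA order inside one RDN is not
    return parse_dn(a) == parse_dn(b)

def dn_under(dn: str, base: str) -> bool:
    """True if dn equals base or sits below it (the DN analogue of '*.doe.gov')."""
    d, b = parse_dn(dn), parse_dn(base)
    return len(d) >= len(b) and d[len(d) - len(b):] == b

def regex_match(policy: str, subject: str) -> bool:
    # Naive approach: the policy string as a literal, case-insensitive pattern
    return re.fullmatch(re.escape(policy), subject, re.IGNORECASE) is not None

# Constructed sample values
POLICY = "CN=Anne  Example+OU=Labs, O=Example Corp, C=US"
REQUEST = "ou=labs+cn=anne example,o=example corp,c=us"    # same name, different spelling
REORDERED = "o=example corp,ou=labs+cn=anne example,c=us"  # different name: RDNs swapped

if __name__ == "__main__":
    print("regex  :", regex_match(POLICY, REQUEST))
    print("struct :", dn_equal(POLICY, REQUEST))
    print("swapped:", dn_equal(POLICY, REORDERED))
    print("subtree:", dn_under(REQUEST, "O=Example Corp,C=US"))
```

A policy engine that relied on the regular expression would reject a legitimate subject whose DN was merely re-serialized by another directory or certificate library.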