Re: [xacml] [Model] Re: Composition Use Case

On 17 December, Polar Humenn writes:
> > I don't think the language syntax itself can handle the matching
> > rules for real-world sets of attributes. I think the language
> > must have a way of pointing to executables for handling the
> > matching.
>
> And what assurance do you have that the executable does the right thing?

The pointer to the executable should be supplied by the policy
issuer, as a reflection of the issuer's intent. The policy
itself, which contains the pointer, must be signed. The
executable can be signed (either by the policy issuer or by a
delegate), or the signed policy that contains the pointer could
contain a hash of the executable. There are certainly other
ways.

Anne
--
Anne H. Anderson Email: Anne.Anderson@Sun.COM
Sun Microsystems Laboratories
1 Network Drive,UBUR02-311 Tel: 781/442-0928
Burlington, MA 01803-0902 USA Fax: 781/442-1692
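
The hash-in-the-signed-policy option from the message above, as an added example that is not part of the original post: the relying party verifies the policy signature first, then checks the fetched executable against the hash pinned in the policy. HMAC-SHA256 stands in for the issuer's signature, and the key, field names, URI and matcher bytes are constructed for illustration.

```python
import hashlib
import hmac
import json

# Assumption: shared demo key; HMAC-SHA256 stands in for the issuer's signature.
ISSUER_KEY = b"constructed-demo-key"

def sign_policy(policy, key):
    """Stand-in signature over canonical JSON of the policy."""
    canonical = json.dumps(policy, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, canonical, hashlib.sha256).hexdigest()

def resolve_matcher(policy, signature, key, fetch):
    """Return the matcher bytes only if the policy and the executable both verify."""
    # 1. The pointer and hash are trusted only after the policy signature checks out.
    if not hmac.compare_digest(sign_policy(policy, key), signature):
        raise ValueError("policy signature invalid")
    ref = policy["matcher"]  # hypothetical field names: uri, sha256
    code = fetch(ref["uri"])
    # 2. The fetched bytes must match the hash the issuer pinned in the policy.
    if not hmac.compare_digest(hashlib.sha256(code).hexdigest(), ref["sha256"]):
        raise ValueError("matcher hash mismatch")
    return code

def check(policy, signature, store):
    try:
        resolve_matcher(policy, signature, ISSUER_KEY, store.__getitem__)
        return "accepted"
    except ValueError as exc:
        return str(exc)

# Constructed sample data: matcher bytes, repository, and signed policy.
MATCHER = b"#!/bin/sh\n# constructed attribute-matching executable\nexit 0\n"
URI = "urn:example:matchers:role-match"
POLICY = {"rule": "permit-if-match",
          "matcher": {"uri": URI, "sha256": hashlib.sha256(MATCHER).hexdigest()}}
SIGNATURE = sign_policy(POLICY, ISSUER_KEY)

def demo():
    swapped = {URI: MATCHER + b"# modified after signing\n"}
    repointed = json.loads(json.dumps(POLICY))
    repointed["matcher"]["sha256"] = hashlib.sha256(swapped[URI]).hexdigest()
    return (check(POLICY, SIGNATURE, {URI: MATCHER}),   # intact
            check(POLICY, SIGNATURE, swapped),           # executable replaced
            check(repointed, SIGNATURE, swapped))        # policy edited to match

if __name__ == "__main__":
    print(demo())
```

The third case shows why the hash has to sit inside the signed policy: editing the pinned hash to match a replaced executable invalidates the signature.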