>Policy Target
>The target of a policy (hereafter referred to as "subject") can be any
>object that can be referenced in XML.
In my experience, the term "subject" would more usually
refer to the principle requesting access to a resource.
I can't tell for sure if XACML policies are exclusively
resource-centric (a list of principles/groups/roles that
have access to a given resource) or also encompass
principle-centric policies (i.e.
a list of the resources a given principle has access to).
Or maybe we want to be able to express both.
However, I don't think "subject" is
appropriate when talking about the target for
resource-centric policies. (It would be OK for
principle-centric ones.)
Instead of "subject", why don't we just use "target"?
I think that covers both the principle-centric case and
the resource-centric one fairly nicely.
Regards,
Marlena Erdos
IBM/Tivoli