OASIS eXtensible Access Control Markup Language (XACML) TC

RE: XACML TC Charter Revision - Strawman

  • 1.  RE: XACML TC Charter Revision - Strawman

    Posted 05-31-2001 01:35
    >Policy Target
    >The target of a policy (hereafter referred to as "subject") can be any
    >object that can be referenced in XML.
    
    In my experience, the term "subject" would more usually
    refer to the principle requesting access to a resource.
    
    I can't tell for sure if XACML policies are exclusively
    resource-centric (a list of principles/groups/roles that
    have access to a given resource) or also encompass
    principle-centric policies (i.e.
    a list of the resources a given principle has access to).
    Or maybe we want to be able to express both.
    However, I don't think "subject" is
    appropriate when talking about the target for
    resource-centric policies.  (It would be OK for
    principle-centric ones.)
       Instead of "subject", why don't we just use "target"?
    I think that covers both the principle-centric case and
    the resource-centric one fairly nicely.
    
    Regards,
    Marlena Erdos
    IBM/Tivoli