OASIS eXtensible Access Control Markup Language (XACML) TC

Re: [xacml] [Model] Re: Composition Use Case

    Posted 12-17-2001 14:31
    On Mon, 17 Dec 2001, Anne Anderson wrote:
    
    > On 17 December, Polar Humenn writes: Re: [xacml] [Model] Re: Composition Use Case
    >  > > I don't think the language syntax itself can handle the matching
    >  > > rules for real-world sets of attributes.  I think the language
    >  > > must have a way of pointing to executables for handling the
    >  > > matching.
    >  >
    >  > And what assurance do you have that the executable does the right thing?
    >
    > The pointer to the executable should be supplied by the policy
    > issuer, as a reflection of the issuer's intent.
    
    What guarantee does the policy issuer have that the executable will not
    change at the time of issuance? Moreover, what assurance does the policy
    evaluator have that the pointed-to executable will not do something bad,
    like creating a covert channel?
    
    > The policy itself, which contains the pointer, must be signed.
    
    Why? Cannot the policy be retrieved from a trusted source?
    
    > The executable can be signed (either by the policy issuer or by a
    > delegate), or the signed policy that contains the pointer could
    > contain a hash of the executable.  There are certainly other ways.
    
    By what method will the "executable" be signed? How can that "hash of the
    executable" be interoperable, say if it's linked on a variety of different
    platforms?
    
    And how does one retrieve this executable should you not have one?
    
    Cheers,
    -Polar
    
    > Anne
    > --
    > Anne H. Anderson             Email: Anne.Anderson@Sun.COM
    > Sun Microsystems Laboratories
    > 1 Network Drive,UBUR02-311     Tel: 781/442-0928
    > Burlington, MA 01803-0902 USA  Fax: 781/442-1692
    >
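A small illustration of the scheme under discussion (a signed policy that carries a pointer to a matching executable plus a hash of it, checked by the evaluator before use), added here as an example and not part of the thread. It assumes an HMAC over the canonical policy body in place of the issuer's real signature, and the executable bytes and the `urn:example:matcher:v1` reference are constructed.

```python
import hashlib
import hmac
import json
from typing import Callable, Optional

# Constructed stand-ins for the same matcher "linked on different platforms".
MATCHER_BUILD_A = b"\x7fELF matcher v1 (constructed bytes)"
MATCHER_BUILD_B = b"MZ matcher v1 (constructed bytes)"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def _canonical(body: dict) -> bytes:
    # Canonical encoding so issuer and evaluator sign/verify identical bytes.
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def issue_policy(key: bytes, matcher_ref: str, matcher: bytes) -> dict:
    """Issuer: pin the hash of the exact matcher it approved, then sign.
    HMAC-SHA256 with a shared key stands in for the issuer's signature."""
    body = {"rule": "match-attributes", "matcher": matcher_ref,
            "matcher_sha256": sha256_hex(matcher)}
    sig = hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()
    return {"body": body, "sig": sig}


def verify_policy(key: bytes, policy: dict) -> bool:
    expected = hmac.new(key, _canonical(policy["body"]), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, policy["sig"])


def load_matcher(key: bytes, policy: dict,
                 resolve: Callable[[str], Optional[bytes]]) -> Optional[bytes]:
    """Evaluator: accept a matcher only if the policy signature holds and the
    locally resolved bytes hash to the pinned value. `resolve` maps the
    pointer in the policy to whatever executable is available locally."""
    if not verify_policy(key, policy):
        return None                       # policy altered after signing
    candidate = resolve(policy["body"]["matcher"])
    if candidate is None:
        return None                       # evaluator has no such executable
    if not hmac.compare_digest(sha256_hex(candidate), policy["body"]["matcher_sha256"]):
        return None                       # changed since issuance, or another platform's build
    return candidate


def demo() -> dict:
    key = b"constructed-issuer-key"
    policy = issue_policy(key, "urn:example:matcher:v1", MATCHER_BUILD_A)
    tampered = {"body": dict(policy["body"], matcher_sha256=sha256_hex(MATCHER_BUILD_B)),
                "sig": policy["sig"]}
    return {
        "same_build": load_matcher(key, policy, lambda r: MATCHER_BUILD_A) is not None,
        "other_build": load_matcher(key, policy, lambda r: MATCHER_BUILD_B) is not None,
        "missing": load_matcher(key, policy, lambda r: None) is not None,
        "tampered": load_matcher(key, tampered, lambda r: MATCHER_BUILD_B) is not None,
    }
```

The `other_build` case shows the interoperability point raised above: a hash pins one specific binary, so a differently linked build of the same matcher is rejected even though the policy is intact.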