Profile

This is a criticism that could be applied broadly to xml "standards." Seems everyone invents a little progtamming language of his own (with yet another metadata vocab.) Where to begin to clean this profusion?? Martin

This is a capability we (DHS and others) are very interested in. Whether it is an XACML standards issue or not is debatable (vs. a "tools" issue) but I note that a good deal of the overall Security TC work is based on a unifying architectural model of access control that is beyond the scope of the SAML ...

+1 Martin Martin F. Smith Director, National Security Systems US Department of Homeland Security NAC 19-204-47 (202) 447-3743 desk (202) 441-9731 mobile

"This discussion seems reasonable to me as far as it goes, however the BTG attribute is more than a privilege, it is in an environmental variable that tells the PDP which of a number of possible policy sets applies to the decision at hand." I would say it is a USER ASSERTION about the state of ...

Agree with Doron: in fact, BTG does not ??break the rules ? ?? because the rule set includes the rule that ??if BTG_condition = true then permit . . ? One notion I have not seen explicitly in the discussion is that in the case of the BTG scenario, the ??authoritative attribute source ? ...