| From | Sent On | Attachments |
|---|---|---|
| Hal Lockhart | Dec 21, 2005 7:32 am | |
| Bill Parducci | Dec 21, 2005 7:49 am | |
| Polar Humenn | Dec 21, 2005 8:02 am | |
| Bill Parducci | Dec 21, 2005 8:48 am | |

| Subject: | Re: [xacml] RE: [xacml-comment] Public Comment | |
|---|---|---|
| From: | Polar Humenn (pol...@syr.edu) | |
| Date: | Dec 21, 2005 8:02:07 am | |
| List: | org.oasis-open.lists.xacml | |
I still do not get the concept of a Root Policy set.
Of what purpose would this serve in the standard?
It might serve as a product instruction manual which is a single monolithic PDP saying that there is one policy which is the root of that PDP, which is either a PolicySet or Policy.
If you are pulling out relevant policies out of an LDAP server (only for example), then where is this "root"?
-Polar
On Wed, 21 Dec 2005, Bill Parducci wrote:
i think this plays well with the concept of a PDP root policy(set).
b
Hal Lockhart wrote:
I think the idea of more defaults is a good one and I am forwarding this to the TC list.
However, based on past discussions, I believe the TC would be more likely to select "deny-overrides" as the default.
Hal
-----Original Message-----
From: comm...@oasis-open.org [mailto:comm...@oasis-open.org]
Sent: Tuesday, December 20, 2005 11:48 AM
To: xacm...@lists.oasis-open.org
Subject: [xacml-comment] Public Comment
Comment from: lud...@sics.se
Name: Ludwig Seitz
Title: PhD Researcher
Organization: Security, Policy and Trust Laboratory, SICS, Sweden
Regarding Specification: XACML
Hello all, I wanted to suggest some points for the XACML standard with the goal of simplifying XACML Policies (by reducing their verboseness).
1. Define a default policy/rule combining algorithm, e.g. "permit-overrides", if the attribute PolicyCombiningAlgId/RuleCombiningAlgId is missing from a PolicySet/Policy tag.
2. Define "string-equal" as default MatchId attribute in SubjectMatch, ResourceMatch and ActionMatch tags.
3. Define "http://www.w3.org/2001/XMLSchema#string" as default DataType attribute in AttributeValue tags.
4. Define "urn:oasis:names:tc:xacml:1.0:subject:subject-id"/ "urn:oasis:names:tc:xacml:1.0:resource:resource-id"/ "urn:oasis:names:tc:xacml:1.0:action:action-id" as default values for the AttributeId attribute of SubjectAttributeDesignator/ ResourceAttributeDesignator/ ActionAttributeDesignator
Regards,
Ludwig Seitz
---------------------------------------------------------------------
To unsubscribe, e-mail: xacm...@lists.oasis-open.org
For additional commands, e-mail: xacm...@lists.oasis-open.org
--------------------------------------------------------------------- To unsubscribe from this mail list, you must leave the OASIS TC that generates this mail. You may a link to this group and all your TCs in OASIS at: https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php
-- Simula Labs The Open Source Venture Partners 4676 Admiralty Way, Suite 520 Marina del Rey, CA 90292 t: +1 310 437-4888 f: +1 800 822-0471
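The choice discussed in the thread for item 1 ("permit-overrides" versus "deny-overrides" as the default when the combining algorithm attribute is missing) changes the decision a policy produces. The following is an added example, not part of the thread or of any XACML implementation: a simplified combiner over Permit/Deny/NotApplicable that omits Indeterminate handling, with constructed policy data, hypothetical function names, and short algorithm names standing in for the full URNs.

```python
# Added illustration: simplified XACML-style rule combining (Indeterminate omitted).
PERMIT, DENY, NOT_APPLICABLE = "Permit", "Deny", "NotApplicable"

def evaluate_rule(rule, request):
    """A rule applies when every attribute in its target string-equals the request."""
    if all(request.get(k) == v for k, v in rule["target"].items()):
        return rule["effect"]
    return NOT_APPLICABLE

def deny_overrides(decisions):
    # Any Deny wins; otherwise Permit if some rule permitted.
    if DENY in decisions:
        return DENY
    return PERMIT if PERMIT in decisions else NOT_APPLICABLE

def permit_overrides(decisions):
    # Any Permit wins; otherwise Deny if some rule denied.
    if PERMIT in decisions:
        return PERMIT
    return DENY if DENY in decisions else NOT_APPLICABLE

# Short names are assumptions standing in for the full algorithm URNs.
ALGORITHMS = {"deny-overrides": deny_overrides, "permit-overrides": permit_overrides}

def evaluate_policy(policy, request, default_alg):
    """Use the policy's RuleCombiningAlgId if present, else the assumed default."""
    alg = ALGORITHMS[policy.get("RuleCombiningAlgId", default_alg)]
    return alg([evaluate_rule(r, request) for r in policy["rules"]])

# Constructed policy that omits RuleCombiningAlgId, as the proposal would allow.
POLICY = {
    "rules": [
        {"effect": PERMIT, "target": {"action-id": "read"}},
        {"effect": DENY, "target": {"subject-id": "contractor", "resource-id": "payroll"}},
    ]
}

# Constructed request that matches both rules.
REQUEST = {"subject-id": "contractor", "resource-id": "payroll", "action-id": "read"}

if __name__ == "__main__":
    for default in ALGORITHMS:
        print(default, "->", evaluate_policy(POLICY, REQUEST, default))
```

With the same policy and request, the implied default alone decides whether the contractor's read of the payroll resource is permitted or denied.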





