43 messages in org.oasis-open.lists.xacmlRe: [xacml] Issue: Hierarchical profi...| From | Sent On | Attachments |
|---|---|---|
| Rich.Levinson | Jan 14, 2009 10:54 pm | |
| Daniel Engovatov | Jan 14, 2009 11:23 pm | |
| Rich.Levinson | Jan 15, 2009 6:42 am | |
| Erik Rissanen | Jan 15, 2009 6:52 am | |
| Rich.Levinson | Jan 15, 2009 8:36 am | |
| Daniel Engovatov | Jan 15, 2009 11:09 am | |
| Anil Saldhana | Jan 20, 2009 6:04 pm | |
| Hal Lockhart | Jan 21, 2009 8:48 am | |
| Rich.Levinson | Feb 16, 2009 4:22 pm | |
| Daniel Engovatov | Feb 16, 2009 4:48 pm | |
| Rich.Levinson | Feb 16, 2009 5:40 pm | |
| Daniel Engovatov | Feb 16, 2009 5:59 pm | |
| Rich.Levinson | Feb 16, 2009 8:05 pm | |
| Daniel Engovatov | Feb 16, 2009 8:39 pm | |
| Erik Rissanen | Feb 17, 2009 3:37 am | |
| Rich.Levinson | Feb 17, 2009 7:40 am | |
| Rich.Levinson | Feb 17, 2009 7:48 am | |
| Daniel Engovatov | Feb 17, 2009 11:19 am | |
| Rich.Levinson | Feb 17, 2009 8:33 pm | |
| Daniel Engovatov | Feb 18, 2009 10:15 am | |
| Seth Proctor | Feb 18, 2009 10:29 am | |
| Daniel Engovatov | Feb 18, 2009 11:02 am | |
| Rich.Levinson | Feb 18, 2009 12:37 pm | |
| Daniel Engovatov | Feb 18, 2009 12:51 pm | |
| Rich.Levinson | Feb 18, 2009 3:04 pm | |
| Daniel Engovatov | Feb 18, 2009 3:16 pm | |
| Rich.Levinson | Feb 18, 2009 6:54 pm | |
| Erik Rissanen | Feb 19, 2009 6:57 am | |
| Daniel Engovatov | Feb 19, 2009 10:59 am | |
| Rich.Levinson | Feb 19, 2009 8:02 pm | |
| Rich.Levinson | Feb 19, 2009 9:11 pm | |
| Erik Rissanen | Feb 20, 2009 1:34 am | |
| Erik Rissanen | Feb 20, 2009 1:41 am | |
| Rich.Levinson | Feb 20, 2009 2:12 am | |
| Erik Rissanen | Feb 20, 2009 2:30 am | |
| Rich.Levinson | Feb 20, 2009 8:14 am | |
| Rich.Levinson | Feb 20, 2009 8:55 am | |
| Daniel Engovatov | Feb 20, 2009 10:37 am | |
| Daniel Engovatov | Feb 20, 2009 10:37 am | |
| Rich.Levinson | Feb 20, 2009 10:46 am | |
| Daniel Engovatov | Feb 20, 2009 11:01 am | |
| Rich.Levinson | Feb 20, 2009 1:22 pm | |
| Daniel Engovatov | Feb 20, 2009 3:03 pm |
| Subject: | Re: [xacml] Issue: Hierarchical profile appears ambiguous and inconsistent | |
|---|---|---|
| From: | Anil Saldhana (Anil...@redhat.com) | |
| Date: | Jan 20, 2009 6:04:10 pm | |
| List: | org.oasis-open.lists.xacml | |
A question I have is how many folks are really using this hierarchical profile in practice.
Daniel Engovatov wrote:
On Jan 14, 2009, at 10:54 PM, Rich.Levinson wrote:
* There needs to be a definition of "hierarchy". In particular, a "hierarchy" defn should state that the fundamental properties are that there must be a single root node with no parent, and that every other node in the hierarchy must have one and only one parent, and can have zero, one, or more children.
I am not sure why do you think this is a requirement. It is a normal use case to inherit policy from more then one parent, and "ancestors" attribute approach allows such models without undue restrictions.
in order to submit a request one has to somehow identify all the hierarchies the given node belongs to, all the hierarchies the node's parent(s) and ancestors to, and include an Attribute element for each.
And why is that a problem? Yes, if one wants "inheritance", graph needs to be defined, and attributes is a natural way to define it.
I suspect that at most one would need to collect all the normative representations of only the resource-id node (i.e. identify all the hierarchies it belongs to), then for each hierarchy, one would evaluate the policies that apply to that hierarchy.
Policy evaluation does not need to know anything about hierarchies that are represented with an "ancestor" attribute.
Daniel;
--------------------------------------------------------------------- To unsubscribe from this mail list, you must leave the OASIS TC that generates this mail. Follow this link to all your TCs in OASIS at: https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php