atom feed15 messages in org.oasis-open.lists.xacmlRE: [xacml] Agenda for November 15 Te...
FromSent OnAttachments
Carlisle AdamsNov 14, 2001 11:32 am 
Pierangela SamaratiNov 15, 2001 7:09 am 
Pierangela SamaratiNov 15, 2001 7:14 am 
Pierangela SamaratiNov 15, 2001 7:48 am.ps
bill parducciNov 20, 2001 6:15 am 
Pierangela SamaratiNov 26, 2001 11:01 am 
Pierangela SamaratiNov 26, 2001 11:06 am.pdf
Tim MosesNov 27, 2001 5:49 am 
Pierangela SamaratiNov 27, 2001 6:04 am.tex
Hal LockhartNov 27, 2001 6:07 am 
Tim MosesNov 27, 2001 7:05 am 
Pierangela SamaratiNov 27, 2001 7:21 am.tex
Hal LockhartNov 28, 2001 3:16 pm 
bill parducciNov 28, 2001 6:01 pm 
bill parducciNov 29, 2001 7:29 am.bin
Subject:RE: [xacml] Agenda for November 15 Telecon...
From:Pierangela Samarati (sama@pinky.crema.unimi.it)
Date:Nov 15, 2001 7:48:10 am
List:org.oasis-open.lists.xacml
Attachments:
ps00000.ps - 283k

Hi

as mentioned in the concall today al the last policy committee call we discussed the issue of positive (meaning permissions; e.g., "this principal can access this resource") and negative authorizations (meaning denials: "this principal cannot access this resources"). While it is true that you cannot do with permissions alone (many cases call for more flexibility), it is also true that having denials complicates the framework (mostly also since when you start having denials you start thinking of the different semantics that they can carry - and that who specified the rule may have intended).

i had proposed an alternative solution inspired by a recent work, which goes as follows. Distinguish two kinds of rules:

1) the ones that specify sufficient conditions (which are the permissions above)

2) the ones that specify necessary conditions.

instead of repeating descriptions and examples here, i am attaching you a file of that work where the two forms of rules are introduced (Section 4.2). Of course our language is different as more expressive; but that gives the idea.

only one thing, what i call "subject" there is our "principal", what i call "object" is our "resource"

pls just send me email (or post the group) for any clarification that may be needed, and any comments.

best -p

Subject: Re: [xacml] Agenda for November 15 Telecon...

Hi

we (milan) are having problem joining the call, a voice says "code is not valid". anyone else is having this problem?

-p

On Wed, 14 Nov 2001, Carlisle Adams wrote:

Date: Thursday, November 15, 2001 Time: 10:00 AM EST

Tel: 512-225-3050 Access Code: 65998

Proposed Agenda:

10:00-10:10 Roll Call and Agenda Review 10:10-10:15 Vote to accept minutes of November 1 meeting http://lists.oasis-open.org/archives/xacml/200111/msg00003.html 10:15-10:20 Administrative Items (e-mail voting; non-TC member access to mail list) 10:20-10:25 Discussion of Policy Model work description http://www.oasis-open.org/committees/xacml/sc-model.shtml 10:25-10:35 Report of Policy Model Sub-Committee 10:35-10:40 Report of other sub-committees (conformance, IP, security & privacy considerations) 10:40-10:50 Discussion of next Face-to-Face (U.S. West coast, sometime in January) 10:50-11:00 Discussion of proposed Schedule and Milestones (in particular, draft spec by Dec. 1)

Carlisle.

---------------------------------------------------------------- To subscribe or unsubscribe from this elist use the subscription manager: <http://lists.oasis-open.org/ob/adm.pl>