Re: [sunxacml-discuss] PolicyFinderModule.java
From: Seth P. <Set...@Su...> - 2005-03-17 05:25:37
On Mar 16, 2005, at 10:30 AM, Muhammad Masoom Alam wrote:

> In order to execute XACML policy file according to RBAC profile for
> RBAC what is the needed mechanism. I have explored
> FilePolicyModule.java and found some good help there.

To support the RBAC profile you shouldn't need to do anything special, except support policy referencing. That's what's missing in the FPM code.

> My question is that how we can make certain implementation e.g.
>
> 1. only Role policy set shall be evaluated first (maybe this can be
> done with saving all role policy set files in a different directory.

Right, this is just a matter of what policies are available at the root. So, you might implement this based on directories, or a single module that's used to supply the policies, etc. It's up to you.

> 2. 2ndly, the permissions policy files are then referenced.
> 3. The permission policy files may contain references to other
> permission files too, how to evaluate this?

Right, like I said above, the one thing you'll have to do is implement support for retrieving policies by reference. This isn't supported by default because there's no standard supporting specific retrieval methods, and it's very application-specific.

> 4. it may contain negative permission policy files, and if we want that
> they shall be executed first than positive one and if negative gives the
> result deny, positive shall not be executed at all.

I think this is just a matter of the combining algorithm and how you order your policies.

> 5. the sample file given in the sample package for
> samplepolicyfindermodule.java is given, but it does not give really
> help regarding policy referencing.

I'm not sure what else I can provide. That sample is there to show how referencing could be supported. Also, in the test code there's a working example of retrieval based on policy-referencing. What specifically are you looking for?

> P.S: you have not given any answer to my question posted on other list
> of XACML, shall I post it here?

Sorry, what email was this? I've been swamped lately, so I probably just missed it...

seth
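
The lookup split discussed in this message, as an added example that is not part of the original post and does not use the Sun XACML classes: a small Python model in which only Role PolicySets are offered at the root, Permission PolicySets are retrieved only by reference (including chained references), and deny-overrides combining makes a matching Deny win. The policy ids, the store layout and the function names are all assumptions made for illustration, and treating a cyclic or unresolved reference as Indeterminate is a design choice of this sketch.

```python
# Constructed sample store (not from the thread). "root": True marks a Role
# PolicySet; Permission PolicySets are reachable only through "refs".
POLICIES = {
    "RPS:manager":  {"root": True, "role": "manager", "refs": ["PPS:manager"]},
    "RPS:employee": {"root": True, "role": "employee", "refs": ["PPS:employee"]},
    "RPS:auditor":  {"root": True, "role": "auditor", "refs": ["PPS:loop-a"]},
    "PPS:manager":  {"root": False, "refs": ["PPS:employee"],
                     "rules": [("Permit", "sign", "purchase-order")]},
    "PPS:employee": {"root": False, "refs": [],
                     "rules": [("Deny", "delete", "purchase-order"),
                               ("Permit", "create", "purchase-order")]},
    "PPS:loop-a":   {"root": False, "refs": ["PPS:loop-b"], "rules": []},
    "PPS:loop-b":   {"root": False, "refs": ["PPS:loop-a"], "rules": []},
}

class ReferenceFailure(Exception):
    """A policy reference could not be resolved safely."""

def find_root(role, store):
    # Top-level lookup: only policies flagged as root are ever candidates,
    # so a Permission PolicySet can never be the initial policy.
    return [pid for pid, p in store.items() if p["root"] and p.get("role") == role]

def collect_rules(pid, store, chain=()):
    # Lookup by reference: follow nested references depth-first. The chain of
    # ancestors detects cycles while still allowing shared (diamond) references.
    if pid in chain:
        raise ReferenceFailure("reference cycle: " + " -> ".join(chain + (pid,)))
    if pid not in store:
        raise ReferenceFailure("unresolved reference: " + pid)
    policy = store[pid]
    rules = list(policy.get("rules", []))
    for ref in policy["refs"]:
        rules += collect_rules(ref, store, chain + (pid,))
    return rules

def evaluate(role, action, resource, store=POLICIES):
    decision = "NotApplicable"
    try:
        for root in find_root(role, store):
            for effect, act, res in collect_rules(root, store):
                if (act, res) != (action, resource):
                    continue
                if effect == "Deny":
                    return "Deny"    # deny-overrides: a matching Deny ends evaluation
                decision = "Permit"
    except ReferenceFailure:
        return "Indeterminate"       # the enforcement point must not grant access
    return decision
```

The manager role reaches the employee permissions only through the chained reference from `PPS:manager`, and the auditor role shows the failure path for a reference loop.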