Re: [sunxacml-discuss] Sunxacml and hierarchical roles
Brought to you by:
farrukh_najmi,
sethp
Menu
▾
▴
Re: [sunxacml-discuss] Sunxacml and hierarchical roles
|
From: Seth P. <set...@su...> - 2006-01-23 15:59:42
|
Hi Jake. On Mon, Jan 23, 2006 at 01:45:00PM +0000, Jake Wu wrote: > Could someone tell me if Sunxacml APIs support the use of hierarchical > Role Base Access Control? i.e. implement the specification which is at > http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-rbac-profi > le1-spec-os.pdf Someone please correct me if I get this wrong, but I believe that the 2.0 RBAC profile is a simple extension to the 1.0 RBAC profile, and doesn't add any dependencies to XACML 2.0. Therefore, yes, the RBAC profile and all of its features should be supported by the current release, and the current CVS tree. Note, however, that the RBAC profile takes advantage of policy references. The current release doesn't include any PolicyFinderModules that support references, so before using RBAC you'll have to implement your own module. This is quite simple, and the 1.2 release even comes with example code that gets you most of the way there. Look for email soon (to this list) with updates on the 2.0 implementation, and some modules that will be included to support this... seth |
