From: Gerald E <gwe3409@att.net>
To: Brian May <bam@snoopy.apana.org.au>
Cc: Joshua Brindle <JBrindle@snu.edu>, SELinux@tycho.nsa.gov
Subject: Re: XML ACL standard ratified
Date: Sun, 23 Feb 2003 19:10:42 -0800
Message-ID: <3E598D32.390F96D9@att.net>
In-Reply-To: 20030222034752.GC25815@snoopy.apana.org.au


Having read at least part of the XACML standard and sat through some
presentations on it, I could call myself an expert, but I am not.

Basically it is an extension to SAML, with extensions for how to exchange
security tokens for permissions for authorization.
http://www.oasis-open.org/committees/security/
for SAML
http://www.oasis-open.org/committees/xacml/
for XACML
In addition, there are additional mechanisms for security management.
This standard will become more important as things like web services are
implemented.

I am on the W3C Web Services Architecture group for my company, and security is
being addressed.

Gerald Edgar

Brian May wrote:

> On Fri, Feb 21, 2003 at 09:14:52AM -0600, Joshua Brindle wrote:
> > http://www.eweek.com/article2/0,3959,893831,00.asp
> > XACML (extensible access control markup language) ratified
> >
> > will selinux be taking advantage of this? i know someone was working on
> > some xml stuff a while back but every time i go look at where it is it
> > hasn't changed.. anyone else planning on implementing an XML policy
> > translator or something? Thanks..
>
> So far I only have had a quick look at XACML (and may be totally
> mistaken, I am still downloading the specs), but it would appear to
> serve a different purpose to SE-Linux.
>
> XACML, while a central policy, like SE-Linux, appears to be focused
> around what actions individual users can/can't do. eg. Can a user log in
> at time X:XXam?.
>
> SE-Linux on the other hand is focused on what processes can access
> what resources. eg. Can Mozilla access the user's PGP private key?
> Can inetd bind on port 80?
>
> These aren't necessarily mutually exclusive goals, just different
> goals.
> --
> Brian May <bam@snoopy.apana.org.au>

Thread overview: 3+ messages
2003-02-21 15:14 XML ACL standard ratified Joshua Brindle
2003-02-22  3:47 ` Brian May
2003-02-24  3:10   ` Gerald E [this message]
