* XML ACL standard ratified
From: Joshua Brindle @ 2003-02-21 15:14 UTC
To: SELinux

http://www.eweek.com/article2/0,3959,893831,00.asp
XACML (extensible access control markup language) ratified

Will SELinux be taking advantage of this? I know someone was working on
some XML stuff a while back but every time I go look at where it is it
hasn't changed.. Anyone else planning on implementing an XML policy
translator or something? Thanks..

Joshua Brindle
UNIX Administrator
Southern Nazarene University

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

* Re: XML ACL standard ratified
From: Brian May @ 2003-02-22 3:47 UTC
To: Joshua Brindle; +Cc: SELinux

On Fri, Feb 21, 2003 at 09:14:52AM -0600, Joshua Brindle wrote:
> http://www.eweek.com/article2/0,3959,893831,00.asp
> XACML (extensible access control markup language) ratified
>
> Will SELinux be taking advantage of this? I know someone was working on
> some XML stuff a while back but every time I go look at where it is it
> hasn't changed.. Anyone else planning on implementing an XML policy
> translator or something? Thanks..

So far I only have had a quick look at XACML (and may be totally
mistaken, I am still downloading the specs), but it would appear to
serve a different purpose to SE-Linux.

XACML, while a central policy, like SE-Linux, appears to be focused
around what actions individual users can/can't do. E.g. can a user log in
at time X:XXam?

SE-Linux on the other hand is focused on what processes can access
what resources. E.g. can Mozilla access the user's PGP private key?
Can inetd bind on port 80?

These aren't necessarily mutually exclusive goals, just different
goals.
--
Brian May <bam@snoopy.apana.org.au>

* Re: XML ACL standard ratified
From: Gerald E @ 2003-02-24 3:10 UTC
To: Brian May; +Cc: Joshua Brindle, SELinux

Having read at least part of the XACML standard and sat through some
presentations on it I could call myself an expert, but I am not.
Basically it is an extension to SAML, with eXtensions for how to exchange
security tokens for permissions for authorization.

http://www.oasis-open.org/committees/security/ for SAML
http://www.oasis-open.org/committees/xacml/ for XACML

In addition there are additional mechanisms for security management.

This standard will become more important as things like web services are
implemented. I am on the W3C Web Services Architecture group for my
company, and security is being addressed.

Gerald Edgar

Brian May wrote:
> On Fri, Feb 21, 2003 at 09:14:52AM -0600, Joshua Brindle wrote:
> > http://www.eweek.com/article2/0,3959,893831,00.asp
> > XACML (extensible access control markup language) ratified
> >
> > Will SELinux be taking advantage of this? I know someone was working on
> > some XML stuff a while back but every time I go look at where it is it
> > hasn't changed.. Anyone else planning on implementing an XML policy
> > translator or something? Thanks..
>
> So far I only have had a quick look at XACML (and may be totally
> mistaken, I am still downloading the specs), but it would appear to
> serve a different purpose to SE-Linux.
>
> XACML, while a central policy, like SE-Linux, appears to be focused
> around what actions individual users can/can't do. E.g. can a user log in
> at time X:XXam?
>
> SE-Linux on the other hand is focused on what processes can access
> what resources. E.g. can Mozilla access the user's PGP private key?
> Can inetd bind on port 80?
>
> These aren't necessarily mutually exclusive goals, just different
> goals.
> --
> Brian May <bam@snoopy.apana.org.au>