- From: Laura Arribas via cvs-syncmail <cvsmail@w3.org>
- Date: Fri, 09 Apr 2010 16:12:39 +0000
- To: public-dap-commits@w3.org
Update of /sources/public/2009/dap/policy In directory hutz:/tmp/cvs-serv22428 Modified Files: Overview.html Log Message: References (XACML20, SUS3) Index: Overview.html =================================================================== RCS file: /sources/public/2009/dap/policy/Overview.html,v retrieving revision 1.6 retrieving revision 1.7 diff -u -d -r1.6 -r1.7 --- Overview.html 9 Apr 2010 15:28:15 -0000 1.6 +++ Overview.html 9 Apr 2010 16:12:37 -0000 1.7 @@ -65,11 +65,10 @@ </p> <p> This model is defined using concepts, terminology and semantics from the eXtensible Access Control Markup Language - [[!XACML]] framework. DAP policies are capable of + [[!XACML20]] framework. DAP policies are capable of representation in a compact XML format (and other formats, including a compact binary representation if necessary). - </p> <p class="issue"> XACML MISSING REF ENTRY. OASIS eXtensible - Access Control Markup Language (XACML) Version 2.0 </p> <p> + </p> <p> It is intended that DAP policies are also eventually capable of representation in XACML, using a specific dictionary of attributes and a subset of XACML elements; however this is not currently possible without defining a number of 
@@ -171,11 +170,11 @@ The access control system itself consists of a number of logically distinct elements. <!-- Specific DAP requirements and interfaces are specified in terms of these separate functional components. --> This logical breakdown and associated - terminology is adopted from XACML [[!XACML]] and illustrated below. + terminology is adopted from XACML [[!XACML20]] and illustrated below. </p> <!-- ILLUSTRATION XACML DATAFLOW --> <object type="image/svg+xml" data="XACMLdataflow.svg"> - <img src="XACMLdataflow.png" alt="graphical representation of the XACML data flow" title="DAP security model, derived from XACML [[!XACML]] Specification Schema" width="500" height="500"/> </object> + <img src="XACMLdataflow.png" alt="graphical representation of the XACML data flow" title="DAP security model, derived from XACML Specification Schema" width="700" height="700"/> </object> <p> The specified functional components are as follows: <ul> 
@@ -252,11 +251,11 @@ <li><p>it provides a way of ensuring that the correct precedence is applied when processing rules. This makes some rules easier to write because their applicability is more narrowly scoped by their enclosing policy. More significantly, it ensures that security requirements determined by one authority are not wrongly overridden by rules provided by a subordinate authority.</p></li> </ul> <p> - Simplistically, each rule is specified by defining a <strong><em><a href=#condition>condition</a></em></strong>, which is a set of statements which must be satisfied in order for that particular rule to apply, and an <strong><em><a href=#effect>effect</a></em></strong> which represents the rule’s outcome – ie whether that rule indicates that the access request should be permitted or not. + Simplistically, each rule is specified by defining a <strong><em><a href=#condition>condition</a></em></strong>, which is a set of statements which must be satisfied in order for that particular rule to apply, and an <strong><em><a href=#effect>effect</a></em></strong> which represents the rule's outcome – ie whether that rule indicates that the access request should be permitted or not. </p> <!-- ILLUSTRATION POLICY LANGUAGE MODEL --> <object type="image/svg+xml" data="languagemodel.svg"> - <img src="languagemodel.png" alt="graphical representation of the XACML policy language model" title="DAP policy language model, derived from XACML [[!XACML]] Specification Schema" width="250" /> </object> + <img src="languagemodel.png" alt="graphical representation of the XACML policy language model" title="DAP policy language model, derived from XACML Specification Schema" width="250" /> </object> </section> <!-- access control policy structure --> <section id=rule-processing> <h3>Rule Processing</h3> 
@@ -285,8 +284,7 @@ framework. This includes definitions of each of the entities involved in the definition of an access control policy, and a definition of the attributes of each entity that are recognised and are required to be supported. This - specification uses [[!XACML]]. </p> <p class="issue"> XACML MISSING REF ENTRY. OASIS eXtensible - Access Control Markup Language (XACML) Version 2.0 </p> + specification uses [[!XACML20]]. </p> <section id="application-execution-phases"> <h3>Application Execution Phases</h3> <p>The <em>execution</em> phase of a web application @@ -770,10 +768,9 @@ If either input is the empty bag, the result is false. An input of type other than empty bag or string bag is converted to string bag first. </p> <p>A glob pattern is - as described in [[!SUSv3]] section 2.13 Pattern Matching Notation + as described in [[!SUS3]] section 2.13 Pattern Matching Notation but excluding 2.13.3 Patterns Used for Filename - Expansion. </p> <p class="issue"> XACML MISSING REF ENTRY.http://www.unix.org/single_unix_specification/ - </p> <!-- Shell & Utilities Volume of the SUSv3 spec --><p>Using this function with a glob + Expansion. </p> <!-- Shell & Utilities Volume of the SUSv3 spec --><p>Using this function with a glob pattern of “*” (a single asterisk) is a convenient way to test whether the first input is not an empty bag. </p>
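Review bot: In the @@ -171,11 +170,11 hunk, the img for XACMLdataflow.png goes from width="500" height="500" to width="700" height="700", which the log message "References (XACML20, SUS3)" does not cover. Mention the resize in the log message or commit it separately. The same line drops [[!XACML]] from the title attribute instead of renaming it to [[!XACML20]] as the surrounding text does, and the languagemodel.png title in the @@ -252,11 +251,11 hunk does the same. If the marker is being removed because it is not wanted inside an attribute, say so in the log.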
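Review bot: In the @@ -252,11 +251,11 hunk, the rule paragraph changes "rule’s" to "rule's" but keeps the en dash in "outcome – ie" on the same line, so the line is still not plain ASCII. If the apostrophe change is meant to avoid an encoding problem, handle the dash the same way (for example as &ndash;). The href=#condition and href=#effect attributes on that line are also unquoted while the img attributes two lines later are quoted; quoting them here would keep the markup consistent.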
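Review bot: In the @@ -770,10 +768,9 hunk, the reference key becomes [[!SUS3]] while the comment directly after it still reads "Shell & Utilities Volume of the SUSv3 spec", and the removed issue paragraph was the only place in this patch where http://www.unix.org/single_unix_specification/ appeared. No hunk adds a bibliography entry for SUS3 or XACML20, so confirm that both keys resolve and that the SUS3 entry carries that URL. The glob syntax of this matching function is defined only by that normative pointer to section 2.13, so it has to resolve.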
Received on Friday, 9 April 2010 16:12:40 UTC