Re: [Acegisecurity-developer] Standards-based Access Control (XACML, RBAC)

Luke Taylor Wed, 26 May 2004 16:43:40 -0700

Does anyone actually use XACML in practice? It seemed pretty complicated when I looked at it and I couldn't see any benefits for our project. For example, the equivalent of

"if (action = 'read' )" expressed in XACML was

<Action> <ActionMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal"> <AttributeValue DataType="(Link: http://www.w3.org/2001/XMLSchema#string)http://www.w3.org/2001/XMLSchema#string";>read</AttributeValue>

<ActionAttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="(Link: http://www.w3.org/2001/XMLSchema#string)http://www.w3.org/2001/XMLSchema#string"/>

   </ActionMatch>
</Action>

Luke.

Ben Alex wrote:

have you considered providing XACML and RBAC support in Acegi?

I did look at similar standards during the design phase of Acegi. Not all of
them, but certainly quite a few.

I ended up going with a solution that would fit our internal needs but be
reasonably extensible/pluggable. I'd certainly welcome code from the
community which illustrates these alternative approaches and how they might
plug into Acegi Security.

Best regards
Ben

--
 Luke Taylor.                      Monkey Machine Ltd.
 PGP Key ID: 0x57E9523C            http://www.monkeymachine.ltd.uk

------------------------------------------------------- This SF.Net email is sponsored by: Oracle 10g Get certified on the hottest thing ever to hit the market... Oracle 10g. Take an Oracle 10g class now, and we'll give you the exam FREE. http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click _______________________________________________ Acegisecurity-developer mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer

Re: [Acegisecurity-developer] Standards-based Access Control (XACML, RBAC)

Reply via email to