incubator-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Apache Wiki <wikidi...@apache.org>
Subject [Incubator Wiki] Update of "OpenAZProposal" by HadrianZbarcea
Date Tue, 06 Jan 2015 03:04:10 GMT
Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Incubator Wiki" for change notification.

The "OpenAZProposal" page has been changed by HadrianZbarcea:
https://wiki.apache.org/incubator/OpenAZProposal?action=diff&rev1=6&rev2=7

  The XACML language is essentially a set of expressions which evaluate to a Boolean. If true
the policy is said to be applicable. The Policy contains permit or deny and may include Permissions
and or Advice. If policies disagree we resolve the conflict with combining algorithms. XACML
provides some standard ones and you can implement your own. Mostly they are common sense like
drop non-applicable polices. A commonly used algorithm is default deny. Deny overrides permit.
  
  = Rationale =
- Access Control may be the most basic security service, but for the most part it remains
primitive in practice. While other services like message protection and authentication have
seen many advances in recent years and decades, deployed access control systems are opaque,
difficult to us and harder to manage. Most organizations claim that they have security policies,
protect privacy and accurately report financial results, but in practice they have no real
way of discovering whether their systems actually behave the way they are alleged to do.
+ Access Control may be the most basic security service, but for the most part it remains
primitive in practice. While other services like message protection and authentication have
seen many advances in recent years and decades, deployed access control systems are opaque,
difficult to use and harder to manage. Most organizations claim that they have security policies,
protect privacy and accurately report financial results, but in practice they have no real
way of discovering whether their systems actually behave the way they are alleged to do.
  
  Just the foreground problems relating to deploying practical ABAC systems make a formidable
list. If only the PDP knows what the policies are, how do we make sure it gets the attributes
it needs to evaluate policies? How can we name organize, register and dispatch Obligations
and Advice, allowing handlers to be provided by the system and added by users? How can the
XACML 3.0 feature of being able to create your own attribute categories best be supported
by the infrastructure and utilized by users? What are the best ways to create and test policies?
What tools will best help us analyze the effects of the policies in force?
  
@@ -136, +136 @@

  The project will use JIRA for issue tracking.
  
  = Initial Committers =
- Rich Levinson Hal Lockhart Prateek Mishra David Laurance Duanhua Tu Ajith Nair Srijith Nair
Pam Dragosh Chris Rath
+  * Rich Levinson 
+  * Hal Lockhart 
+  * Prateek Mishra 
+  * David Laurance 
+  * Duanhua Tu 
+  * Ajith Nair 
+  * Srijith Nair 
+  * Pam Dragosh 
+  * Chris Rath
  
  = Affiliations =
- Rich Levinson, Hal Lockhart and Prateek Mishra work for Oracle. David Laurance, Duanhua
Tu and Ajith Nair work for JP Morgan-Chase. Srijith Nair works for Axiomatics. Pam Dragosh
and Chris Rath work for AT&T.
+  * Rich Levinson, Hal Lockhart and Prateek Mishra work for Oracle. 
+  * David Laurance, Duanhua Tu and Ajith Nair work for JP Morgan-Chase. 
+  * Srijith Nair works for Axiomatics. 
+  * Pam Dragosh and Chris Rath work for AT&T.
  
  = Sponsors =
  == Champion ==
  Paul Fremantle
  
  == Nominated Mentors ==
- Emmanuel L├ęcharny, Colm O hEigeartaigh and Hadrian Zbarcea
+  * Emmanuel L├ęcharny
+  * Colm O hEigeartaigh
+  * Hadrian Zbarcea
  
  == Sponsoring Entity ==
  The Sponsoring Entity will be the Incubator.

---------------------------------------------------------------------
To unsubscribe, e-mail: cvs-unsubscribe@incubator.apache.org
For additional commands, e-mail: cvs-help@incubator.apache.org


Mime
View raw message