[Attempto] ACE for XACML?

Brad Cox bradjcox at gmail.com
Sun Nov 14 23:26:05 CET 2010


No response? Can someone please advise.

Where I'm stuck is bog-stupid stuff that connects with my procedural
background. All the examples are "Bob loves Mary" stuff, which I can't
bridge to my "if the contents of field X is 'Y'" kind of problem. For
example, I think I need to begin by teaching it XACML request
structure and what amounts to assignment statements. Once the stupid
stuff is in hand I'll move on to policy statements which are far more
involved.

Here's a first shot, that does compile in AceView.

Every request R has a resource
and has a action
and has an environment
and has a subject.

Every subject S has a id
and has a cn
and has a sn
and has a citizenshipstatus
and has a clearance
and has a countryofcitizenship
and has a dutyoccupationalcode
and has a extendedgroup
and has a fasc-n
and has a geographicsubregion
and has a organizationid
and has a paygrade
and has a payplan
and has a personnelcategorycode
and has a scicontrols
and has a distinguishedname
and has a employeetype
and has a objectclass
and has a uniqueidentifier.

Notice the two levels; requests contain subjects which contain other
stuff. How do I specify "the uniqueidentifier of the request's
subject"? Is that even possible, or must it all stay flattened?

Then how to assign values. Here's what I've tried:

The id of S is "Steve Finn".

The cn of S is "Steve Finn".

The sn of S is "Finn".

The citizenshipstatus of S is "True".

The clearance of S is "T".

I wind up with a bunch of numbered individual data properties that aren't
connected to each other (i.e. no relation to the XACML structure).

On Sun, Nov 14, 2010 at 9:41 AM, Brad Cox <bradjcox at gmail.com> wrote:
> I'm looking at ACE as a way of making XACML policies approachable by
> non-experts. Does anyone know of related work I could build on? There
> are several PDFs that mention both Attempto and XACML. I'm hoping for
> actual code, or at least examples.
>



-- 
Cell: 703-594-1883
Blog: http://bradjcox.blogspot.com
Web: http://virtualschool.edu
Manassas VA 20111
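
The two-level request structure and the "if the contents of field X is 'Y'" test from the message above, written out procedurally in Python as an added example (not part of the original post, and not ACE or any XACML library's API). The names `resolve`, `evaluate`, `REQUEST` and `RULE` are assumptions, and the model is a simplification of XACML in which a missing required attribute yields Indeterminate rather than Permit.

```python
# Added illustration: every name here is hypothetical, not an XACML or ACE API.
# Constructed sample request: category -> attribute -> bag of values.
REQUEST = {
    "subject": {
        "id": ["Steve Finn"],
        "cn": ["Steve Finn"],
        "sn": ["Finn"],
        "citizenshipstatus": ["True"],
        "clearance": ["T"],
    },
    "resource": {},
    "action": {},
    "environment": {},
}


class MissingAttribute(Exception):
    """Raised when a required attribute is absent from the request."""


def resolve(request, path, must_be_present=False):
    """Return the bag of values for 'category.attribute', e.g. 'subject.clearance'."""
    category, _, attribute = path.partition(".")
    bag = request.get(category, {}).get(attribute, [])
    if must_be_present and not bag:
        raise MissingAttribute(path)
    return bag


def evaluate(rule, request):
    """Apply the rule's effect only if every (path, expected value) condition holds."""
    try:
        for path, expected in rule["conditions"]:
            bag = resolve(request, path, rule.get("must_be_present", False))
            if expected not in bag:
                return "NotApplicable"
    except MissingAttribute:
        return "Indeterminate"  # fail closed: callers must not treat this as Permit
    return rule["effect"]


# Constructed rule: permit when clearance is "T" and citizenshipstatus is "True".
RULE = {
    "effect": "Permit",
    "must_be_present": True,
    "conditions": [("subject.clearance", "T"), ("subject.citizenshipstatus", "True")],
}
```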

