Dan Gradl [
https://community.jboss.org/people/dgradl] created the discussion
"Re: Get something started with XACML - Requirements Discussion"
To view the discussion, visit:
https://community.jboss.org/message/753039#753039
--------------------------------------------------------------
In the XACML impl I worked on it the thought had been that the policy modeller would be
part of the info security team, even in a PAP this takes some specialized skill. However
without a PAP it fell to developers to craft the XML policies. There was also a need to
delegate control over some of the details to a variety of different people (business
users, customer power users). They wouldn't write policies per say but have control
over some of the "constraints" defined by the policies and the UI would be
simplified greatly to where it needed little to no training/additional skill.
I like your thinking on the DSL.. that idea had been bouncing around in my head as well.
Although, I was thinking it could directly drive the PDP... I see the value in XACML being
the data and logical model and not so much in the fact that it uses XML. That is to say I
don't see any particular value in generating XML other than the fact that the current
PDP drives off of it. Many of the COTS drive off a database representation of the
entities. Also, I think a DSL may be a good interim step in creating a usable PAP, but
that ultimately it needs a UI on top of it for easiest learning curve.
--------------------------------------------------------------
Reply to this message by going to Community
[
https://community.jboss.org/message/753039#753039]
Start a new discussion in PicketBox Development at Community
[
https://community.jboss.org/choose-container!input.jspa?contentType=1&...]