[jboss-dev-forums] [PicketBox Development] - Re: Get something started with XACML - Requirements Discussion
Christian QD93S7
do-not-reply at jboss.com
Fri Aug 10 10:41:20 EDT 2012
Christian QD93S7 [https://community.jboss.org/people/ceebee] created the discussion
"Re: Get something started with XACML - Requirements Discussion"
To view the discussion, visit: https://community.jboss.org/message/753046#753046
--------------------------------------------------------------
the policy modeller as part of the info security team- interesting point. I thought the possible advantage of XACML -besides from interop- is the ability to change and adapt existing access rules while the system is running, i.e. is already developed. So if we restrict the ability to change the rules to specialized people, it tends to get adjusted one time or twice in the lifecycle of the software. It is not much different from hardcoding the rules in the software. If we really want to use the advantage, we need to enable the business guys to understand what happens.
But I haven't seen such a system working. So as you describe it - this organization has some procedure to work with "meta-rules" and then they give the order to change to the security team. The question is, how often occur changes ?
But even if you have specialized people- the policysets get big and complex and so the GUI should really be able to structure them according to different perspectives (like eclipse perspectives) There might be an application perspective, an organization perspective, a dictionary. It is a special kind of rule management system. There have been various attempts to write good editors, see http://www.tfgordon.de/publications http://www.tfgordon.de/publications. But it is worth a try.
--------------------------------------------------------------
Reply to this message by going to Community
[https://community.jboss.org/message/753046#753046]
Start a new discussion in PicketBox Development at Community
[https://community.jboss.org/choose-container!input.jspa?contentType=1&containerType=14&container=2088]
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/jboss-dev-forums/attachments/20120810/141c601e/attachment.html
More information about the jboss-dev-forums
mailing list