[jira] [Commented] (SHIRO-292) Add XACML PDP interface

["Warren Strange (JIRA)" <ji...@apache.org>]

    [ https://issues.apache.org/jira/browse/SHIRO-292?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13113631#comment-13113631 ] 

Warren Strange commented on SHIRO-292:
--------------------------------------

Hi Les, 

I didn't file the bug but have a couple of comments. 

XACML support could mean a lot of things, but some possible features could be things like:

- Support expressing Shiro policies in XACML 
- Integrate Shiro with a XACML PDP - so that runtime decisions are made by the PDP (and maybe cached by Shiro?)
- Support more "XACML"ish features in the API. For example, XACML has Obligations 
 (allow this operation, but you must log the result, etc..).  

Whether or not these are actually useful features, I can not say :-) 

I think most of the XACML use cases are outside the bounds of a single application (e.g. Enterprises wanting
to administer policy in a central location).  Whether or not this makes sense for Shiro is an open question. 


I can see Obligations as being an interesting feature for the API - but am not sure how you would make it sufficiently generic. 








> Add XACML PDP interface
> -----------------------
>
>                 Key: SHIRO-292
>                 URL: https://issues.apache.org/jira/browse/SHIRO-292
>             Project: Shiro
>          Issue Type: Wish
>          Components: Authorization (access control) 
>            Reporter: Michael Fiedler
>              Labels: features
>
> The request is to add the XACML PDP interface to Shiro.  This would be another way to get an authorization decision result.

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira