You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@shiro.apache.org by "Warren Strange (JIRA)" <ji...@apache.org> on 2011/09/23 20:18:26 UTC
[jira] [Commented] (SHIRO-292) Add XACML PDP interface
[ https://issues.apache.org/jira/browse/SHIRO-292?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13113631#comment-13113631 ]
Warren Strange commented on SHIRO-292:
--------------------------------------
Hi Les,
I didn't file the bug but have a couple of comments.
XACML support could mean a lot of things, but some possible features could be things like:
- Support expressing Shiro policies in XACML
- Integrate Shiro with a XACML PDP - so that runtime decisions are made by the PDP (and maybe cached by Shiro?)
- Support more "XACML"ish features in the API. For example, XACML has Obligations
(allow this operation, but you must log the result, etc..).
Whether or not these are actually useful features, I can not say :-)
I think most of the XACML use cases are outside the bounds of a single application (e.g. Enterprises wanting
to administer policy in a central location). Whether or not this makes sense for Shiro is an open question.
I can see Obligations as being an interesting feature for the API - but am not sure how you would make it sufficiently generic.
> Add XACML PDP interface
> -----------------------
>
> Key: SHIRO-292
> URL: https://issues.apache.org/jira/browse/SHIRO-292
> Project: Shiro
> Issue Type: Wish
> Components: Authorization (access control)
> Reporter: Michael Fiedler
> Labels: features
>
> The request is to add the XACML PDP interface to Shiro. This would be another way to get an authorization decision result.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira