On 10/20/22 19:05, Pascal Jakobi wrote:
R:Years ago, we created an XACML server that is RBAC profile compliant :
https://projects.ow2.org/view/authzforce/.
Question is : how do you represent roles, especially in a
security-critical context such as the one I work in. For such a matter,
attribute certs might be an answer : signature, delegation, etc. Also
usable for security clearances, etc.
I know the concept which was many moons ago driven by David Chadwick.
But it never really took off and everybody's using other concepts nowadays.
BTW. I will look again into pmi.[schema|ldif], but I could not find
attribute certificates at first.
I think it's aACertificate.
It seems to me that it only provides
the PMI (=Privilege Mgmt Infra., the equivalent of a PKI for id certs)
schema.
I have only vague memories about who submitted this schema file and why.
Ciao, Michael.
