On 10/20/22 19:05, Pascal Jakobi wrote:
R: Years ago, we created an XACML server that is RBAC profile compliant: https://projects.ow2.org/view/authzforce/.
Question is: how do you represent roles, especially in a security-critical context such as the one I work in? For such a matter, attribute certs might be an answer: signature, delegation, etc. Also usable for security clearances, etc.
I know the concept which was many moons ago driven by David Chadwick. But it never really took off and everybody's using other concepts nowadays.
BTW, I will look again into pmi.[schema|ldif], but I could not find attribute certificates at first.
I think it's aACertificate.
It seems to me that it only provides the PMI (=Privilege Mgmt Infra., the equivalent of a PKI for id certs) schema.
I have only vague memories about who submitted this schema file and why.
Ciao, Michael.