While it is difficult to design a general purpose xacml editor without requiring the user to have extensive xacml knowledge, it should definitely be possible to create context based editors for XACML rules. Suppose you are creating XACML policies for your web application, then you can have an editor that is specific to the web application domain. This domain based editor approach will avoid the requirement of xacml knowledge. The policies can be designed in the domain semantics.
If you have some free time to kill and want to understand XACML better, I certainly recommend taking a peak at the Fedora XACML document ( I did not write it or was associated with the project).
One of the favorite topics broached by XACML designers is the concept of date/time as part of the environment attributes.
You should be able to create XACML policies with rules such as:
- Deny requests to web applications between 5pm and 8am CDT.
You should embed the current time as part of your XACML request during tests such that they simulate a request occurring at a particular time - rather than when the test is run. :)
You should definitely take a look at the XML Date and Time functions including Timezone configuration as listed here.
Post a Comment