OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: RE: [security-services] Multiple Actions in AuthorizationDecision Query

Hal,
 
Part of the complexity here arises out of the use of the <RespondWith>
element,
whose value has been set to: <SingleStatement> in the example below.
 
We do not have clear processing rules for this element in core-25.
 
- prateek 

-----Original Message-----
From: Hal Lockhart [mailto:hal.lockhart@entegrity.com]
Sent: Wednesday, January 16, 2002 6:09 PM
To: 'NISHIMURA Toshihiro'; security-services@lists.oasis-open.org
Subject: RE: [security-services] Multiple Actions in AuthorizationDecision
Query



I believe we discussed this last summer and the general feeling was that the
PDP had a choice of responding "Yes" with the list of just those actions
which are allowed or "No" with the complete list. The main point was that in
accepting the idea of multiple actions, we did not want to create a complex
set of error handling rules.

Hal 

> -----Original Message----- 
> From: NISHIMURA Toshihiro [ mailto:nishimura.toshi@jp.fujitsu.com <mailto:
nishimura.toshi@jp.fujitsu.com> ] 
> Sent: Wednesday, January 16, 2002 12:11 PM 
> To: security-services@lists.oasis-open.org 
> Subject: [security-services] Multiple Actions in 
> AuthorizationDecisionQuery 
> 
> 
> This issue is similar to ISSUE:[DS-11-05: MultipleActions] and 
> ISSUE:[DS-11-01: MultipleSubjectAssertions], and it must be solved. 
> 
> 1024 The <AuthorizationDecisionQuery> element is used to make 
> the query ?gShould these 
> 1025 actions on this resource be allowed for this subject, 
> given this evidence??h The response will be in 
>      ******* 
> 1026 the form of an assertion containing an authorization 
> decision statement. 
>                                          
> *********************************** 
> 
> How the PDP should respond if some actions are allowed and others are 
> not? 
> (Default value of <RespondWith> element is "SingleStatement".) 
> 
> Thanks, 
> Toshi 
> nishimura.toshi@jp.fujitsu.com 
> 
> ---------------------------------------------------------------- 
> To subscribe or unsubscribe from this elist use the subscription 
> manager: < http://lists.oasis-open.org/ob/adm.pl <http://lists.oasis-open.
org/ob/adm.pl> > 
>

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC