[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [xacml-users] Help on Condition ? <-- Obligations
In regards Obligations, as I understand, they do not do activities, they provide information that can be used to do some actions by PDP caller.
I actually have my own qs related to that. Let us assume that I have 10 policies that authorize an access to a resource. Each of these policies can block the access. The business rules require to let authz service consumer know why the access was denied (if it's denied).
Is it complinat with XACML model if I return a "show-deny-reason" obligation that would contain explanation in plain English why the access has been denied?
Authorization service consumer could use this information to inform the front end user.
--- On Thu, 12/11/08, Balaji Kannadassan <balajika@nortel.com> wrote:
> From: Balaji Kannadassan <balajika@nortel.com>
> Subject: [xacml-users] Help on Condition ?
> To: xacml-users@lists.oasis-open.org
> Date: Thursday, December 11, 2008, 8:03 AM
> Hi All!
>
> I couldn't understand the use of condition tag :-(.
> Can someone brief
> me on the same and it would be helpful, BTW obligation is
> usually
> request rt in plain english :-), Why is that it has been
> said that
> Obligation are must do kind of activities ? just interested
> to know..
>
> Thanks
> Balaji Kamal Kannadassan
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]