[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [xacml-users] Help on Condition ? <-- Obligations
Seth, Thanks for answering. When you wrote "express in policy", did you mean to create an example of policy that would demonstrate that? If this is the case I can work on it. I actually have such a policy set, but it's proprietary, so I'll probably need to create a new more generic one. In regards specific requirements, please do consider adding expressions to obligations as I and other people had suggested in the past. It would make the obligations more dynamic. Example: I want to return an error message: "The access to the bill pay service has been denied because you exceeded the total maximum of $10000 in 6-month period" where $10000 and 6-month are environment attributes. I didn't find a way of creating such an obligation within current spec. --- On Thu, 12/11/08, Seth Proctor <Seth.Proctor@sun.com> wrote: > From: Seth Proctor <Seth.Proctor@sun.com> > Subject: Re: [xacml-users] Help on Condition ? <-- Obligations > To: oleg@gryb.info > Cc: xacml-users@lists.oasis-open.org, "Balaji Kannadassan" <balajika@nortel.com> > Date: Thursday, December 11, 2008, 12:25 PM > Hi Oleg. > > > Is it complinat with XACML model if I return a > "show-deny-reason" > > obligation that would contain explanation in plain > English why the > > access has been denied? > > This is definitely valid. Actually, this very use-case is > being discussed > right now by the TC. Do you want to express this kind of > logic in a > policy? Do you have any specific requirements that > you'd like to share? > > > seth > > --------------------------------------------------------------------- > To unsubscribe, e-mail: > xacml-users-unsubscribe@lists.oasis-open.org > For additional commands, e-mail: > xacml-users-help@lists.oasis-open.org
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]