[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: AW: [xacml-users] XACML 3.0 Obligations
Hi Andrea, Obligations are a hook within xacml to return any functional effect after/during policy evaluation. Regarding your already challenging work item for your thesis I would suggest you abstract from the obligation element (make sure not to abstract from the <condition> element as others did, because this is too simplifying in practice from - my point of view). All the best for your work Greetings jan Von: Andrea Margheri [mailto:margheri.andrea@gmail.com] Hi, I’m a student of University of Florence and I’m doing a master thesis on XACML 3.0 and the use of obligations. I’m trying to define a formal semantic for XACML 3.0 and I don’t understand how Obligations are managed by the PEP with Base algorithm. In fact in section 7.2.1 the standard says: “PEP shall permit access only if it understands and it can and will discharge those obligations” but it doesn’t say which is the decision of PEP when it can’t understand the obligations, is it deny or indeterminate? And for a PDP authorization decision “Deny” with unsuccessful obligation, it becomes indeterminate? Thanks Andrea |
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]