OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xacml-users message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: AW: [xacml-users] XACML 3.0 Obligations


Hi Andrea,

Obligations are a hook within xacml to return any functional effect after/during policy evaluation. Regarding your already challenging work item for your thesis I would suggest you abstract from the obligation element (make sure not to abstract from the <condition> element as others did, because this is too simplifying in practice from - my point of view).

All the best for your work

Greetings

jan

 

 

Von: Andrea Margheri [mailto:margheri.andrea@gmail.com]
Gesendet: Donnerstag, 3. Mai 2012 20:02
An: xacml-users@lists.oasis-open.org
Betreff: [xacml-users] XACML 3.0 Obligations

 

Hi,

I’m a student of University of Florence and I’m doing a master thesis on XACML 3.0 and the use of obligations. I’m trying to define a formal semantic for  XACML 3.0 and I don’t understand how Obligations are managed by the PEP with Base algorithm.  In fact in section 7.2.1 the standard says: “PEP shall permit access only if it understands and it can and will discharge those obligations”  but it doesn’t say which is the decision of PEP when it can’t understand the obligations, is it deny or indeterminate? And for a PDP authorization decision “Deny” with unsuccessful obligation, it becomes indeterminate?

Thanks

Andrea



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]