OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Subject: RE: access control information (formerly... Strawman)



One question, are you talking about having authorization information
included in credentials stating a persons particular bank balance?

-Polar

On Mon, 11 Jun 2001, Simon Y. Blackwell wrote:

> The problem with "insufficient funds to access" is it requires an
> understanding of the meaning of the constraint "balance > $5,000". (Yes, I
> know by policy example was not precisely in this form ...). To avoid the
> requirement that the policy engine actually understand the semantics of the
> constraint, I suppose it could return "balance < ?required-amount" which
> would only require programming the policy engine such that it understood the
> semantics of some finite set of operators. It still gets pretty ugly though.
>
> > -----Original Message-----
> > From: bill parducci [mailto:bill@parducci.net]
> > Sent: Monday, June 11, 2001 3:53 PM
> > To: 'xacml@lists.oasis-open.org'
> > Subject: access control information (formerly... Strawman)
> >
> >
> > /*
> > For the most part these situations can be reduced to things
> > of the form
> > "If you don't tell me that I need a $5,000 balance to access your
> > services, how do I know what to do to comply?".
> > */
> >
> > good point. however, should the response be 'you need $5,000 to have
> > access' or 'insufficient funds to access'? i know to some
> > this may seem
> > pedantic, but the former message provides the requestor with specific
> > information regarding your ACL.  (imagine the case of 'denied: not
> > memeber of xyz group')
> >
> > /*
> > Once again, we should leave the decision whether or not to
> > expose policy
> > to the expression of the policy itself.
> > */
> > ultimately, this may be the only workable solution. (although, let's
> > shoot a couple of prisoners first and see how it goes to make sure :o)
> >
> > b
> >
>



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Powered by eList eXpress LLC