[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: RE: [xacml] Is authorization decision a postcondition?
It just occurred to me that there is a substantive question related to this. Currently, a policy conflict occurs when you have 2 or more rules and they get different answers. Presumably this means how you decide to allow or not allow access. But what about the various post conditions associated with the rules? How does the PDP decide which post conditions should occur?
The simplest scheme is that if the conflict is resolved to true, then all the post conditions that are associated with rules that evaluate to true must occur and those associated with rules that evaluate to false are not required to occur. But is this the right answer?
Hal
> We need to decide as a matter of terminology, whether the
> decision to allow or prohibit access is considered one of the
> post conditions (presumably mandatory) or is it considered a
> seperate thing? Personally I don't feel strongly either way,
> but I would like to be clear on what is meant when the term
> post conditions is used.
>
> Hal
>
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC