Subject: Re: [xacml] XACML Issues List Version 01
On Thu, 10 Jan 2002, Pierangela Samarati wrote:

> Hi,
>
> > I too would like to see actions in this context.
>
> in today's TC concall, some people mentioned that "action" is already used
> with different semantics (=the operation the principal is requesting).
> that's true, so we should find another term.

Probably, but I would really like to understand the nature of this beast.

> the point is, however, that the semantics of "postconditions" now seems
> really to be a reaction of the system, not the evaluation of a state, so
> terminology should reflect the semantics.

Well, I had originally thought that a "post-condition" would be something that would be true if the policy evaluated to true according to its input. That is, a "post-condition" should be a logical consequence, but maybe not fully derivable by all available information. This post-condition would merely be some advice to the evaluator. Such as Policy stating that:

    Subject is in Role of MissileLauncher to the Resource of Missile on Action Launch.
    Post-condition Subject is dangerous.

> > However, I have a question. What is the purpose for actions (i.e. these
> > post conditions) after checking a policy? What types of actions are
> > allowed?
>
> examples that were brought up for post-conditions were things like
> "logging the request", essentially they are actions that the system
> executes in response to granting an access, or simply having evaluated
> the authorizations (discussion on the specific behavior is still
> open).
>
> > Do they change the state of the policy?
>
> if you mean the set of rules i guess the answer is no (they should not
> change the rules). but again, post-conditions are one of the issues
> which have not been discussed fully.

Hmmmm, I really don't like the fact that these post conditions mandate that some generic operation be performed, i.e. it could be used to alter state, especially the state of the policy. I guess we should discuss this further?

-Polar

> best
> -p