[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: Re: [xacml] on postconditions
Simon writes: > Post-condition is executed after the rule fires and does not affect > grant/deny outcome of the rule. I thought this was only true of *external* post-conditions? I thought that an internal post-condition must be executed (by the PDP) BEFORE the response is asserted, and therefore does affect the outcome... The spec sez: "...Post-condition - A process specified in a rule that must be completed in conjunction with access. There are two types of post-condition: an internal post-condition must be executed by the PDP prior to the issuance of a "permit" response, and an external post-condition must be executed by the PEP prior to permitting access..." I'm assuming that the "musts" here imply that the required actions are successfully executed. Is this not the case? | John S. Erickson, Ph.D. | Hewlett-Packard Laboratories | PO Box 1158, Norwich, Vermont USA 05055 | 802-649-1683 (vox) 802-371-9796 (cell) 802-649-1695 (fax) | john_erickson@hpl.hp.com AIM/YIM/MSN: olyerickson
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC