[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: Re: [xacml] Obligations
you make a good point, however, i for one am not suggesting that the PEP *perform* all obligations to effect a grant. what i have proposed is that the PEP must *understand* the obligations to do so. to use your example this means that the PEP must know what "delete record after 60 days" means to allow access. to my mind, a lack of understanding on teh part of the PEP is clearly an ERROR condition, and that will most certainly result in a deny. b Polar Humenn wrote: > I don't like the proposal that if the PEP cannot perform all intended > obligations on a Permit that the access decision should be "Deny". > > It really begs the question of the PDP knowing what the PEP can or cannot > fulfill in its policy evaluation, because it implies that if the > obligation cannot be fulfilled by the PEP, that according to the proposal, > it is actually really a Deny. > > Even leaving the PDP out of it, the PEP may not know if it could fulfill > any operations until the PEP actually tries it. In simplist scenario, the > obligation may not even terminate, or may be something like "delete record > after 60 days" as has been pointed out. > > I think there may solution for that problem which is illustrated in a > paper by Nafty Minsky. It's quite old, 1985, but might be to the point. > The citation is below. I'll put the approach in our context: > > Since the PDP is asked by the PEP for a specific access request, we might > want the PEP (or some other entity under control of the PEP) to keep track > of enacted obligations and make sure that they are fulfiled. > > Obligations have the form of a triple of (deed,deadline,saction) where the > semantics are to the PEP: The obligation says that the deed must be > fullfilled by the deadline, or else the sanction will be executed (i.e. > rectifying the situation). No, the sanction cannot be "deny". > > You have to take the following philosophy: > > Access has been granted with certain obligations and if obligations are > not fullfiled (by the deadline), then something is done to rectify the > situation, i.e. possibly: for being granted access some punishment is upon > you for not fullfilling the obligations. > > This approach allows the PDP to tell the PEP what to do in the event that > the PEP cannot enforce the obligations to be met, within some time frame, > instead trying to figure out whether obligations like (delete record in 60 > days) can be fullfiled. > > The Citation. It is avalable off of the ACM Portal. > > Proceedings of the 8th international conference on Software engineering > 1985 , London, England > > Ensuring integrity by adding obligations to privileges > > Authors > Naftaly H. Minsky > Abe D. Lockman > > Sponsors > IEEE-CS : Computer Society > SIGSOFT : ACM Special Interest Group on Software Engineering > > Publisher > IEEE Computer Society Press Los Alamitos, CA, USA > > Pages: 92 - 102 Proceeding-Article > Year of Publication: 1985 > ISBN:0-8186-0620-7 > > > Cheers, > -Polar > > > > > > ---------------------------------------------------------------- > To subscribe or unsubscribe from this elist use the subscription > manager: <http://lists.oasis-open.org/ob/adm.pl> >
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC