[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: Re: [xacml] 7.7 Obligations
if i remember correctly from the discusssions of the use case with this requirement, an example obligation upon DENY was something like result: DENY obligation: log to X b Daniel Engovatov wrote: >>not sure how you come to this conclusion: conformance is now more difficult > > for the reasons stated above. rather > >>than taking the position: > > >>"if you don't understand the decision, effectively DENY--ALL PEPs behave > > the SAME" > > Pardon me for repeating a question: why DENY? Is not a decision with > obligation just another kind of decision - and when an unambiguous and > deterministic decision is reached - XACML land ends. Enforcement point may > lock you out of a building, or open floodgates and drown your town - on > either PERMIT, or DENY. Or shut itself down when it cannot understand the > obligation. It does not seem to me that the action taken by PEP is in the > scope of XACML at all. > > And I agree - adding any protocol to communicate whether PEP understands > anything is an unworkable complexity.. > > Daniel;
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC