OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Re: [xacml] obligations & error conditions


On Tue, 13 Apr 2004, Bill Parducci wrote:

> > For example, Access to opening the freezer door from the inside. "Deny
> > with obligation to ring security desk."
> >
> > Mary is denied opening the door because her card doesn't work. It's -30
> > degrees in the freezer. The phone at the security desk is busy, because
> > Bob, the guard, is talking to his mom.
> >
> > The PEP following the XACML 2.0 specification, Denies, and declaring a
> > "best effort" in contacting the security desk gave up discharging its
> > obligation with no consequence.
>
> not really. two things happened:
>
> (1) the PEP did whatever it is configured to do when it receives an error
> condition (log, beep, burp, blink, turn itself off... whatever is necessary to
> raise the awareness that something did not operate properly)

The Result is Deny. And as currently written (I didn't change the Deny
part), the spec says it must make a "best-effort" in discharging the
obligation. It's not an error. Access is denied, no call is made.

> (2) the subject was not granted access to the resource for precisely the same
> reasons why *every* other XACML v2.0 compliant PEP (without the understanding
> and capabilities to discharge the obligations emanating from this PDP for this
> decision) would do the same.

Mary's dead, you heartless scowl. :)


Seriously, if we change skew to be equal on Deny as with Permit, I'd happy
with it.

Cheers,
-Polar

> b
>
>
> To unsubscribe from this mailing list (and be removed from the roster of the OASIS TC), go to http://www.oasis-open.org/apps/org/workgroup/xacml/members/leave_workgroup.php.
>


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]