[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [xacml] Quality of Service (aka Parameterized Decisions) UseBlurb
Bill Parducci wrote: > The reason that there is a many-to-one ratio of requestedResources to > physicalResources is that it is impractical to require the PEP to query > all possible resourceInstances for access. additionally, the Subject > may have access to both systems but the *preferred*/priority is given > to the "better" system unless it unavailable (which introduces another > concept "fall back decisions", but that is a note on a different day > since it would only make sense IF parameterized decisions were > possible ;o) This is similar to a requirement we have been discussing in our work with network based defense. I some cases we would like to differentiate between regular permissions and "emergency" permission, so that the use of the latter would be logged in a special manner and audited more thoroughly than other accesses. The logging requirement can easily be expressed in an obligation, but if there is both a regular permission and an emergency permission for the same access, we would like the regular permission to take over so that no special auditing will be done. Erik
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]