[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Open issue 66
All, I propose that issue 66, "Missing attributes may be underspecified", to be closed without action. The issue has been up there a long time with no proposals for a solution. In addition to that, I believe it is technically impossible to provide a solution. The reason someone gets a not-applicable from the PEP is because "there is no policy which applies". In general there is no way to describe in the form of "missing attributes" what the PEP needs to provide for the policy to apply. Policies can be much too complex for this. In particular, a policy could be NotApplicable because an attribute is present, for example. Or it might require that three particular integer attributes form a pythagorean tripple. How do you express that as "missing attributes"?! And we demonstrated in the RSA interop that obligations can be used to handle simple use cases where some attributes can be expected to be missing. An obligation can be used to mark the part of the policy which required an attribute, and the obligation can then be returned by the PDP if the attribute is missing. Best regards, Erik
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]