OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [xacml] Break the Glass policies


FYI, the way I have implemented this in the past is by hitting a point 
in the policy evaluation where a well-known BTG attribute is required. 
This can only be supplied by the PEP, so the result is indeterminate and 
the accompanying detail is that this attribute was missing. This signals 
the PEP that it should prompt the user for whether or not they want to 
proceed.

Personally, I like this style over a new kind of return value, since the 
first evaluation really isn't resulting in a decision. In other words, 
the result (to my mind at least) is that the PDP needs to know more 
before proceeding, which is what Indeterminate means. Hope this helps..


seth

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]