OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Re: [xacml] combining algorithm paper


Hi Bill,

I think where we are at now is that the focus here is on simply how to 
determine
which Obligations (/Advice) are returned for a given combining 
algorithm. Also,
we are aware that there is some determinacy/indeterminacy, such as if there
is an X-overrides Policy, then if an X is encountered, then only the Obs 
assoc
w that X are returned. In unordered, the result is non-deterministic 
since if
multiple X's can be evaluated, only the one that happens to be first to 
return
an X will have its Obs returned. The identical request re-submitted could
have a different X and thus a different set of Obs returned.

However, if the policy is ordered-X-overrides, then things are 
deterministic.

Given that only one X is returned, there is a question of why should there
be multiple Y's returned if no X is encountered?

This will be examined a little further in order to specify what the 
current behavior
is in this context, and depending on where it ends up we may add 
clarifying text,
however, the text right now is considered to be correct.

Other options would be beyond 3.0 and included w the Families discussion.

   Thanks,
   Rich


On 6/29/2011 12:11 PM, Bill Parducci wrote:
> I suggest that until we have a mechanism to define which Obligations (Families) are supported within a given environment, Obligation combination is not a solvable problem. I think that this is something that the "meta schema" may be able to address.
>
> b
>
> On Jun 29, 2011, at 8:48 AM, rich levinson wrote:
>
>> The paper we are discussing is available from:
>>   https://www.cerias.purdue.edu/assets/pdf/bibtex_archive/2008-9-report.pdf
>>
>> There is an update to this paper on ACM that has some significant
>> changes, however the main points remain primarily intact:
>> There are details on where this paper appeared and access info at end:
>>
>>
>> Access Control Policy Combining: Theory Meets Practice
>>
>> Ninghui Li, Qihua Wang, Wahbeh Qardaji, Elisa Bertino, Prathima Rao
>> Purdue University, Department of Computer Science
>> 305 N. University Street, West Lafayette, IN 47907,USA
>> {ninghui, qwang, wqardaji, bertino, prao}@cs.purdue.edu
>> Jorge Lobo
>> IBM T.J. Watson Research
>> Center
>> Hawthorne, NY, USA
>> lobo@us.ibm.com
>> Dan Lin
>> Missouri University of Science
>> and Technology
>> 500 West 15th Street, Rolla,
>> MO 65409
>> lindan@mst.edu
>>
>>
>> Permission to make digital or hard copies of all or part of this work for
>> personal or classroom use is granted without fee provided that copies are
>> not made or distributed for profit or commercial advantage and that copies
>> bear this notice and the full citation on the first page. To copy otherwise, to
>> republish, to post on servers or to redistribute to lists, requires prior specific
>> permission and/or a fee.
>> SACMAT’09, June 3–5, 2009, Stresa, Italy.
>> Copyright 2009 ACM 978-1-60558-537-6/09/06 ...$5.00.
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe from this mail list, you must leave the OASIS TC that
>> generates this mail.  Follow this link to all your TCs in OASIS at:
>> https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php
>>


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]