xacml message
Subject: Re: [xacml] RE: REST API follow up
- From: Craig R Forster <cforster@us.ibm.com>
- To: <remon.sinnema@emc.com>
- Date: Thu, 31 May 2012 18:08:04 -0500
My opinion on this is that the core specification clearly states what to do when a PolicyIdReference or PolicySetIdReference can't be resolved:
If resolving the reference fails, the reference evaluates to “Indeterminate” with status code urn:oasis:names:tc:xacml:1.0:status:processing-error.
Let clients of the PAP upload policies as they see fit, and let the runtime resolve the references and return Indeterminate if the references can't be resolved.
Regards,
Craig
-------
craig forster | technical lead, tivoli security policy manager
cforster@us.ibm.com
-------
From: <remon.sinnema@emc.com>
To: <Danny.Thorpe@quest.com>
Cc: <xacml@lists.oasis-open.org>
Date: 05/31/2012 05:54 PM
Subject: [xacml] RE: REST API follow up
Sent by: <xacml@lists.oasis-open.org>
Danny,
From: xacml@lists.oasis-open.org [mailto:xacml@lists.oasis-open.org] On Behalf Of Danny Thorpe
Sent: Thursday, May 31, 2012 9:02 PM
To: xacml@lists.oasis-open.org; Sinnema, Remon
Subject: [xacml] REST API follow up
> The only unresolved discussion point in my mind is the matter of whether policy references must be fully resolvable
> when a policy revision is POSTed to the server. I believe the current proposal states that all policy references must
> be resolvable and validated or the server must reject the post. I understand the Admin profile requires "late bound"
> policy references which may only be resolvable in the context of a particular auth request.
I've added a section about different types of PAPs and how they may respond differently. That should make the server's behavior sufficiently underspecified to allow for both scenarios, while still providing useful interop possibilities. Let me know what you think.
Thanks,
Ray
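Added example, not part of the original thread or of any product discussed in it: the two PAP behaviours debated above, side by side. A strict PAP rejects an upload whose PolicyIdReference cannot be resolved; a lenient PAP accepts it and the runtime returns Indeterminate with the processing-error status code quoted in the message. The Pap class, the function names and the sample documents are assumptions made for illustration; PolicySetIdReference is left out, and a resolved policy is reduced to the Effect of its first rule.

```python
import xml.etree.ElementTree as ET

NS = "{urn:oasis:names:tc:xacml:3.0:core:schema:wd-17}"
PROCESSING_ERROR = "urn:oasis:names:tc:xacml:1.0:status:processing-error"
STATUS_OK = "urn:oasis:names:tc:xacml:1.0:status:ok"

# Constructed sample documents, trimmed to the attributes this example reads.
POLICY_SET = """<PolicySet xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"
  PolicySetId="urn:example:set:root">
  <PolicyIdReference>urn:example:policy:leaf</PolicyIdReference>
</PolicySet>"""
POLICY = """<Policy xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"
  PolicyId="urn:example:policy:leaf"><Rule RuleId="r1" Effect="Permit"/></Policy>"""

def references(root):
    """Return the policy IDs named by PolicyIdReference elements."""
    return [(el.text or "").strip() for el in root.iter(NS + "PolicyIdReference")]

class Pap:
    """Hypothetical in-memory PAP; strict=True validates references on upload."""
    def __init__(self, strict):
        self.strict = strict
        self.docs = {}

    def upload(self, xml_text):
        root = ET.fromstring(xml_text)
        missing = [r for r in references(root) if r not in self.docs]
        if self.strict and missing:
            raise ValueError("unresolvable references: " + ", ".join(missing))
        doc_id = root.get("PolicyId") or root.get("PolicySetId")
        self.docs[doc_id] = root
        return doc_id

def evaluate_references(pap, policy_set_id):
    """Late binding: resolve each reference when the policy set is evaluated.

    Returns one (reference id, decision, status code) tuple per reference.
    Targets, conditions and combining algorithms are not modelled here.
    """
    results = []
    for ref in references(pap.docs[policy_set_id]):
        target = pap.docs.get(ref)
        if target is None or target.tag != NS + "Policy":
            results.append((ref, "Indeterminate", PROCESSING_ERROR))
            continue
        rule = target.find(NS + "Rule")
        effect = rule.get("Effect") if rule is not None else "NotApplicable"
        results.append((ref, effect, STATUS_OK))
    return results
```

With the lenient PAP the same policy set moves from Indeterminate to the referenced policy's result as soon as that policy is uploaded, with no change to the policy set itself.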