OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: RE: [security-services] Multiple Actions in AuthorizationDecision Query

Title: RE: [security-services] Multiple Actions in AuthorizationDecisionQuery

I believe we discussed this last summer and the general feeling was that the PDP had a choice of responding "Yes" with the list of just those actions which are allowed or "No" with the complete list. The main point was that in accepting the idea of multiple actions, we did not want to create a complex set of error handling rules.


> -----Original Message-----
> From: NISHIMURA Toshihiro [mailto:nishimura.toshi@jp.fujitsu.com]
> Sent: Wednesday, January 16, 2002 12:11 PM
> To: security-services@lists.oasis-open.org
> Subject: [security-services] Multiple Actions in
> AuthorizationDecisionQuery
> This issue is similar to ISSUE:[DS-11-05: MultipleActions] and
> ISSUE:[DS-11-01: MultipleSubjectAssertions], and it must be solved.
> 1024 The <AuthorizationDecisionQuery> element is used to make
> the query “Should these
> 1025 actions on this resource be allowed for this subject,
> given this evidence?” The response will be in
>      *******
> 1026 the form of an assertion containing an authorization
> decision statement.
> ***********************************
> How the PDP should respond if some actions are allowed and others are
> not?
> (Default value of <RespondWith> element is "SingleStatement".)
> Thanks,
> Toshi
> nishimura.toshi@jp.fujitsu.com
> ----------------------------------------------------------------
> To subscribe or unsubscribe from this elist use the subscription
> manager: <http://lists.oasis-open.org/ob/adm.pl>

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC