OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

xacml-comment message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: [xacml-comment] [xacml] error conditions. Forwarded message from billparducci.

[I am taking the liberty of forwarding this comment that was
submitted by Bill Parducci to the xacml@lists.oasis-open.org
mailing list, rather than to xacml-comment -aha]
------- start of forwarded message -------
From: bill parducci <bill.parducci@overxeer.com>
To: xacml <xacml@lists.oasis-open.org>
Subject: [xacml] error conditions
Date: Fri, 22 Nov 2002 10:37:15 -0800

I think that there is some inconsistency with error condition responses of the PDP as communicated to the PEP. 

In some cases a decision of INDETERMINATE is returned without an accompanying status code (pdf:4502, 4605, 4664, 4799), while in others a status code is required (pdf:4715, 4755). 

I think that it is important that error conditions REQUIRE a status code in all circumstances so that the PEP is aware that the decision is a result of an error and not insufficient inputs. In practical terms this would allow the PEP to decide if retrying the request has merit, as well as provide important operational information. This requires that status codes be required in all cases (at least that seems like it would be the case). 

Under that assumption, here are the changes I think are necessary to accomplish this:

Add the text from line pdf:4176, "...shall evaluate to "Indeterminate", with the appropriate error status,"  to lines pdf:4502, 4605, 4664 and 4799s.

Change pdf:2696 (and schema) to read: "<xs:element ref="xacml-context:Status" minOccurs="1"/>"

Change pdf:2696 (and schema) to read: "<xs:element ref="xacml-context:Status" minOccurs="0"/>"

Change pdf:2709 to read: "<Status> [Required]"

Change pdf:2760 to read: "<xs:element ref="xacml-context:StatusCode" minOccurs="1"/>"

Change pdf:2760 to read: "xacml:Context:Status M"
Change pdf:2760 to read: "xacml:Context:StatusCode M"

I would like to propose that this be adopted by the spec. If the group doesn't agree then lines pdf:4715 and 4755 need to be updated to reflect this.

To subscribe or unsubscribe from this elist use the subscription
manager: <http://lists.oasis-open.org/ob/adm.pl>

------- end of forwarded message -------

Anne H. Anderson             Email: Anne.Anderson@Sun.COM
Sun Microsystems Laboratories
1 Network Drive,UBUR02-311     Tel: 781/442-0928
Burlington, MA 01803-0902 USA  Fax: 781/442-1692

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC