[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [xacml-comment] Features for XACMLv3
On Nov 22, 2008, at 10:30 AM, Erik Rissanen wrote: > Currently obligations contain only static attribute assignments. If we > would change the schema so we also allow an Expression in the > obligation, the content of the obligation which is returned could be > dynamically generated and you could select the correct role into it in > your policy. > > I am cross posting this to the TC mailing list. I think it would be a > good idea to allow dynamic obligations in 3.0. I suspect it would > solve > the issue John was talking about on the last call, and it would solve > David's use case. And I think it would be a very useful feature in > general, with little cost since a PDP implementation has to be able to > evaluate expressions anyway. I agree. This seems like the most pragmatic approach to resolving a number of issues involving decisions that require more than a binary response. b
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]