Subject: Obligations

Dear List,

Forgive what I’m sure is an obvious question, but I can’t find it in the XACML literature anywhere. If the PDP returns an obligation to the PEP which the PEP can’t process or execute, then we have three possible actions by the PEP depending on the bias. We can classify the actions of the PEP depending on the response returned by the PDP (when the PEP can’t process the obligation) as follows:

RESPONSE         PERMIT    DENY
====================================
Base             DENY      PERMIT
Deny-biased      DENY      DENY
Permit-biased    PERMIT    PERMIT

Why isn’t there a bias in which the PEP allows access if and only if the PDP allows access, regardless of whether the PEP can discharge the obligation or not? In other words, the PEP allows access if and only if the PDP returns permit. For lack of a better term, this could be termed a “response biased PEP”.

My guess was that since the obligation doesn’t have the power to change the access control decision, it is not considered part of the access control system; however, since such a functionality would allow the policy and the PDP to dynamically generate obligations without changing the access control decision, I would suggest that such functionality is part of the access control system. For example, the policy could state that (perhaps depending on an attribute which defines the number of times a subject had attempted to access a resource) the PEP should send an e-mail alerting the subject or resource owner when access has been allowed or disallowed. This wouldn’t change the access control decision but is still an obligation.

Thoughts?

Alex

===
Dr. Alexander W. Dent
Information Security Group
Royal Holloway, University of London
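
The table in the message above and the proposed "response-biased" PEP, written out as an added example that is not part of the original message. The `Bias` names, the `enforce` function and the obligation identifiers are hypothetical, and the Base row follows the table as posted rather than any normative text.

```python
from enum import Enum

class Bias(Enum):
    BASE = "base"
    DENY_BIASED = "deny-biased"
    PERMIT_BIASED = "permit-biased"
    RESPONSE_BIASED = "response-biased"  # the variant proposed in the post

def enforce(decision, obligations, handlers, bias):
    """Return (access_granted, discharged_ids, unmet_ids) for one PDP response.

    decision    -- "Permit" or "Deny" as returned by the PDP
    obligations -- list of (obligation_id, args) pairs from the response
    handlers    -- dict of obligation_id -> callable(args): what this PEP can do
    """
    if decision not in ("Permit", "Deny"):
        raise ValueError("the table in the post covers only Permit and Deny")
    discharged, unmet = [], []
    for oid, args in obligations:
        try:
            handlers[oid](args)          # KeyError: PEP does not understand it
            discharged.append(oid)
        except Exception:                # handler missing or failed to execute
            unmet.append(oid)
    pdp_permits = decision == "Permit"
    if not unmet or bias is Bias.RESPONSE_BIASED:
        granted = pdp_permits            # obligations never override the PDP
    elif bias is Bias.BASE:
        granted = not pdp_permits        # BASE row exactly as tabulated in the post
    else:
        granted = bias is Bias.PERMIT_BIASED
    return granted, discharged, unmet

# Constructed sample: the PDP asks for an audit record and an e-mail alert,
# but this PEP has no e-mail handler registered.
AUDIT_LOG = []
HANDLERS = {"urn:example:obligation:audit": AUDIT_LOG.append}
OBLIGATIONS = [
    ("urn:example:obligation:audit", "alice read /reports/q3"),
    ("urn:example:obligation:email-owner", "owner@example.org"),
]

def outcome_table():
    """Access result per bias for (PDP Permit, PDP Deny) with the sample above."""
    return {b.value: tuple(enforce(d, OBLIGATIONS, HANDLERS, b)[0]
                           for d in ("Permit", "Deny")) for b in Bias}

if __name__ == "__main__":
    for name, row in outcome_table().items():
        print(f"{name:16} PERMIT->{row[0]!s:6} DENY->{row[1]}")
```

The returned `unmet_ids` list is what a response-biased PEP would need to record, since the access result alone no longer shows that an obligation went undischarged.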