[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [xacml-users] Fwd: one question regarding obligations in XACML
On Sun, 2004-10-10 at 21:21, Anne.Anderson@sun.com wrote: > Could Michiharu or another obligations expert try to respond to this? This was a private email sent to me, and I already responded to it privately. Since you've forwarded it to a public list... In a nutshell, you're free to define whatever contraints you like, in whatever format you like. The PDP doesn't actually process your Obligations, so as long as you express your Obligations using valid attributes, you can use any syntax you like. In this case, you could include a specific requirement written in the XACML Condition syntax, since XACML can express these kinds of time constraints. You couls also write some simpler notation that the PEP will understand. In terms of the requirement being passed back, it's fine to impose this kind of time-related requirement, though you could also just express it as part of the policy for the specific example of date/time values. Basically, Obligations are intentionally under-specified. You need to define the relationship between your PEP and PDP, and how your PEP will interpret the Obligations. Beyond that, you've free to define whatever functionality you like. seth
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]