[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [xacml-users] Fwd: one question regarding obligations in XACML
> Basically, Obligations are intentionally under-specified. You need to > define the relationship between your PEP and PDP, and how > your PEP will > interpret the Obligations. Beyond that, you've free to define whatever > functionality you like. If you think about it, in general the correspondence between constructs manipulated by XACML and their real world counterparts is equally an unspecified convention. For example, only the PEP knows what the real resource is that corresponds to some string in the input context. For example, if the user requested access to http://www.example.com/index.html the resource name in the input contex could be: http://www.example.com/index.html, /index.html, index, %49%4E%44%45%58, Resource-1 or something else. As long as the policy writer and the PEP agree, the system works as expected. The PDP neither knows or cares. It simply manipulates data according to a set of rules. Hal
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]