OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

xacml-users message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [xacml-users] Help on Condition ? <-- Obligations


Thanks for answering. When you wrote "express in policy", did you mean to create an example of policy that would demonstrate that? If this is the case I can work on it. I actually have such a policy set, but it's proprietary, so I'll probably need to create a new more generic one.

In regards specific requirements, please do consider adding expressions to obligations as I and other people had suggested in the past. It would make the obligations more dynamic. Example: I want to return an error message: "The access to the bill pay service has been denied because you exceeded the total maximum of $10000 in 6-month period" where $10000 and 6-month are environment attributes. I didn't find a way of creating such an obligation within current spec.

--- On Thu, 12/11/08, Seth Proctor <Seth.Proctor@sun.com> wrote:

> From: Seth Proctor <Seth.Proctor@sun.com>
> Subject: Re: [xacml-users] Help on Condition ? <-- Obligations
> To: oleg@gryb.info
> Cc: xacml-users@lists.oasis-open.org, "Balaji Kannadassan" <balajika@nortel.com>
> Date: Thursday, December 11, 2008, 12:25 PM
> Hi Oleg.
> > Is it complinat with XACML model if I return a
> "show-deny-reason"
> > obligation that would contain explanation in plain
> English why the
> > access has been denied?
> This is definitely valid. Actually, this very use-case is
> being discussed
> right now by the TC. Do you want to express this kind of
> logic in a
> policy? Do you have any specific requirements that
> you'd like to share?
> seth
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> xacml-users-unsubscribe@lists.oasis-open.org
> For additional commands, e-mail:
> xacml-users-help@lists.oasis-open.org


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]