
xacml-users message


Subject: Re: [xacml-users] Help on Condition ? <-- Obligations


I see your point and think that your "quantification" argument is valid, but I still think that a quantified action ("sign") and additional information ("message") could be incorporated into Obligation. I think it would be logical in the cases when the latter is related to the former (as in my example).

I also think that whatever decision TC makes (message outside of Obligation or message inside the Obligation, or both) the most important thing is to allow expressions for building both "explicit quantified actions" and "messy abstract messages" :)

--- On Fri, 12/12/08, Bill Parducci <bill@parducci.net> wrote:

> From: Bill Parducci <bill@parducci.net>
> Subject: Re: [xacml-users] Help on Condition ? <-- Obligations
> To: oleg@gryb.info
> Cc: xacml-users@lists.oasis-open.org
> Date: Friday, December 12, 2008, 3:58 PM
> On Dec 12, 2008, at 12:03 PM, Oleg Gryb wrote:
> > Let us modify my example a bit by changing message to: "You've exceeded the max of $10000 in 6-month period. If you want to continue using the bill pay service, sign the agreement below".
> >
> > If a user signs the agreement bill pay functionality will be enabled, otherwise the access will be denied. How is it different from the "sign agreement" obligation that Yoichi was writing about?
>
> On one level they are the same in that there is an action that is expected by the PEP that is associated with the Decision. Where it gets messy is the chaff around the message. In Yoichi's case "sign" is an explicit PEP action that while still subject to implementation (as are all things in Obligations :( ) has a moderately quantifiable meaning to the PEP. In other words, it is telling the PEP to do something: sign the payload.
>
> Your case describes an Obligation that is effectively written to the Subject. The PEP somehow infers that it takes action. There are many ways to define what: custom delimiters, string structures, etc. but in my mind that makes a bad situation worse because it further extends localized logic. I personally don't find this type of compound logic appealing; it seems to me to be analogous to only having a single Rule that invokes http://myuri/doEverythingNecessary.
>
> I guess to some it sounds pedantic on my part but think of the Implications of Policy creation if, "You've exceeded the max of $10000 in 6-month period. If you want to continue using the bill pay service, sign the agreement below" is an actionable statement. Personally, I try to take the perspective of an auditor so things outside of the explicit Policy content or free form text instructions make me all squishy inside :)
>
> b
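The distinction debated in this thread, as an added example that is not part of either message: a PEP that dispatches only on an explicit ObligationId, treats the message text as an opaque attribute it never parses for instructions, and denies when it meets an obligation it does not understand. The obligation and attribute ids under `urn:example:` and the sample response are constructed for illustration; the element layout assumes the XACML 2.0 response schema.

```python
import xml.etree.ElementTree as ET

CTX = "urn:oasis:names:tc:xacml:2.0:context:schema:os"
POL = "urn:oasis:names:tc:xacml:2.0:policy:schema:os"
SIGN = "urn:example:obligation:sign-agreement"    # hypothetical id
SHOW = "urn:example:obligation:display-message"   # hypothetical id
MSG = "urn:example:attr:message"                  # hypothetical attribute id

# Every action the PEP can take is listed here, so an auditor can enumerate them.
HANDLERS = {SIGN: "require-signature", SHOW: "display"}

def make_response(obligation_id):
    """Constructed sample XACML 2.0 response, not taken from the thread."""
    return f"""<Response xmlns="{CTX}"><Result>
  <Decision>Permit</Decision>
  <Obligations xmlns="{POL}">
    <Obligation ObligationId="{obligation_id}" FulfillOn="Permit">
      <AttributeAssignment AttributeId="{MSG}"
          DataType="http://www.w3.org/2001/XMLSchema#string">You've exceeded the max of $10000 in 6-month period.</AttributeAssignment>
    </Obligation>
  </Obligations>
</Result></Response>"""

def enforce(response_xml):
    """Return (decision, actions, audit); Deny if any obligation is unknown."""
    result = ET.fromstring(response_xml).find(f"{{{CTX}}}Result")
    decision = result.findtext(f"{{{CTX}}}Decision")
    actions, audit = [], []
    for ob in result.iter(f"{{{POL}}}Obligation"):
        if ob.get("FulfillOn") != decision:
            continue  # obligation does not apply to this decision
        oid = ob.get("ObligationId")
        action = HANDLERS.get(oid)
        if action is None:
            # The PEP cannot discharge what it does not understand: fail closed.
            audit.append(f"unknown obligation {oid}")
            return "Deny", [], audit
        # Attribute values are passed through as data, never interpreted.
        args = {a.get("AttributeId"): (a.text or "").strip()
                for a in ob.iter(f"{{{POL}}}AttributeAssignment")}
        actions.append((action, args))
        audit.append(f"discharged {oid}")
    return decision, actions, audit

if __name__ == "__main__":
    print(enforce(make_response(SIGN)))
    print(enforce(make_response("urn:example:obligation:free-text")))
```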

