[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [xacml-users] Help on Condition ? <-- Obligations
On Dec 12, 2008, at 4:04 PM, Yoichi Takayama wrote: > Bill, do you have Use Case to determine what Condition(s) were > responsible and construct your "message" for reason why the Decision > was made??? Or, is it much a simpler matter and I am overestimating > the problem? I think Use Cases that were presented at the last TC meeting are a good example of this: /* XACML TC Minutes, 4 December Mike Beach from Boeing reviewed his authz Use Cases http://projectconcordia.org/images/d/d6/BoeingFineGrainedAuthorization.pdf (starting at slide 8) The basis of the talk is the ability of XACML to deal with export licensing using Obligations or is additional machinery needed? */ The current mechanism to solve this issue is to "wrap" the individual Rules in Policies to create more granular Obligation control. This initiated the discussion on whether Obligations should be extended to the Rule level. I have suggested that this is not a good solution to this problem since it overloads what Obligations should do (IMO). I do however, understand the need for informational decision information to be returned so I proposed that we create a mechanism specifically for response messaging at the Rule level. I think this can be added safely since it is not possible to have combining conflicts on non-actionable strings. (I cannot say the same for Obligations, which are not combinable as currently defined) thanks b
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]