[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [xacml-users] Help on Condition ? <-- Obligations
Thanks, that sounds reasonable. I will have the Use Cases later. Cheers, Yoichi -------------------------------------------------------------------------- Yoichi Takayama, PhD Senior Research Fellow RAMP Project MELCOE (Macquarie E-Learning Centre of Excellence) MACQUARIE UNIVERSITY Phone: +61 (0)2 9850 9073 Fax: +61 (0)2 9850 6527 www.mq.edu.au www.melcoe.mq.edu.au/projects/RAMP/ -------------------------------------------------------------------------- MACQUARIE UNIVERSITY: CRICOS Provider No 00002J This message is intended for the addressee named and may contain confidential information. If you are not the intended recipient, please delete it and notify the sender. Views expressed in this message are those of the individual sender, and are not necessarily the views of Macquarie E-Learning Centre Of Excellence (MELCOE) or Macquarie University. On 12/12/2008, at 4:32 PM, Bill Parducci wrote: > > On Dec 12, 2008, at 4:04 PM, Yoichi Takayama wrote: > >> Bill, do you have Use Case to determine what Condition(s) were >> responsible and construct your "message" for reason why the >> Decision was made??? Or, is it much a simpler matter and I am >> overestimating the problem? > > I think Use Cases that were presented at the last TC meeting are a > good example of this: > > /* XACML TC Minutes, 4 December > > Mike Beach from Boeing reviewed his authz Use Cases > http://projectconcordia.org/images/d/d6/BoeingFineGrainedAuthorization.pdf > (starting at slide 8) > The basis of the talk is the ability of XACML to deal with export > licensing using Obligations or is additional machinery needed? > > */ > > The current mechanism to solve this issue is to "wrap" the > individual Rules in Policies to create more granular Obligation > control. This initiated the discussion on whether Obligations should > be extended to the Rule level. I have suggested that this is not a > good solution to this problem since it overloads what Obligations > should do (IMO). I do however, understand the need for informational > decision information to be returned so I proposed that we create a > mechanism specifically for response messaging at the Rule level. I > think this can be added safely since it is not possible to have > combining conflicts on non-actionable strings. (I cannot say the > same for Obligations, which are not combinable as currently defined) > > thanks > > b
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]