Subject: XACML 3.0 Obligations
I’m a student at the University of Florence and I’m doing a master’s thesis on XACML 3.0 and the use of obligations. I’m trying to define a formal semantics for XACML 3.0 and I don’t understand how Obligations are managed by the PEP with the Base algorithm. In fact, in section 7.2.1 the standard says: “PEP shall permit access only if it understands and it can and will discharge those obligations”, but it doesn’t say what the decision of the PEP is when it can’t understand the obligations: is it deny or indeterminate? And for a PDP authorization decision “Deny” with an unsuccessful obligation, does it become indeterminate?