OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

xacml-users message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: AW: [xacml-users] XACML 3.0 Obligations

Hi Andrea,

Obligations are a hook within xacml to return any functional effect after/during policy evaluation. Regarding your already challenging work item for your thesis I would suggest you abstract from the obligation element (make sure not to abstract from the <condition> element as others did, because this is too simplifying in practice from - my point of view).

All the best for your work





Von: Andrea Margheri [mailto:margheri.andrea@gmail.com]
Gesendet: Donnerstag, 3. Mai 2012 20:02
An: xacml-users@lists.oasis-open.org
Betreff: [xacml-users] XACML 3.0 Obligations



I’m a student of University of Florence and I’m doing a master thesis on XACML 3.0 and the use of obligations. I’m trying to define a formal semantic for  XACML 3.0 and I don’t understand how Obligations are managed by the PEP with Base algorithm.  In fact in section 7.2.1 the standard says: “PEP shall permit access only if it understands and it can and will discharge those obligations”  but it doesn’t say which is the decision of PEP when it can’t understand the obligations, is it deny or indeterminate? And for a PDP authorization decision “Deny” with unsuccessful obligation, it becomes indeterminate?



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]