Subject: Re: XACML TC Charter Revision - Strawman
> For example, you will ask "Can Joe access x?" and you will get
> the answer "Yes, joe can access X", but the fact of the matter is the same
> request would get a different answer 1 sec later. Also perhaps it didn't
> even matter that it was Joe. Probably for accountability purposes that is
> good enough, but I continue to be concerned that the assertion will be
> wrongly construed.

if i understand this correctly, the only methods by which such apparent capriciousness can be avoided are:

(a) require each request to contain all information necessary to form a decision or
(b) provide all information involved in the decision regardless of the contents of the request

practical issues aside, in either situation i can see potential security issues in that all aspects of the Authorization Decision must be divulged externally.

does this make sense?

b