[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: RE: access control information (formerly... Strawman)
The problem with "insufficient funds to access" is it requires an understanding of the meaning of the constraint "balance > $5,000". (Yes, I know by policy example was not precisely in this form ...). To avoid the requirement that the policy engine actually understand the semantics of the constraint, I suppose it could return "balance < ?required-amount" which would only require programming the policy engine such that it understood the semantics of some finite set of operators. It still gets pretty ugly though. > -----Original Message----- > From: bill parducci [mailto:bill@parducci.net] > Sent: Monday, June 11, 2001 3:53 PM > To: 'xacml@lists.oasis-open.org' > Subject: access control information (formerly... Strawman) > > > /* > For the most part these situations can be reduced to things > of the form > "If you don't tell me that I need a $5,000 balance to access your > services, how do I know what to do to comply?". > */ > > good point. however, should the response be 'you need $5,000 to have > access' or 'insufficient funds to access'? i know to some > this may seem > pedantic, but the former message provides the requestor with specific > information regarding your ACL. (imagine the case of 'denied: not > memeber of xyz group') > > /* > Once again, we should leave the decision whether or not to > expose policy > to the expression of the policy itself. > */ > ultimately, this may be the only workable solution. (although, let's > shoot a couple of prisoners first and see how it goes to make sure :o) > > b >
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC