[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: Re: [xacml] Multiple actions per decision request
i concur. i think that the process by which the appropriate policies are determined will not be able to handle this. it will be hard enough to determine rule applicability with a single object/target/thingie. b Tim Moses wrote: > Colleagues - In the SAML issues document, > > http://www.oasis-open.org/committees/security/docs/draft-sstc-core-discussion-01.doc > > > ... Issue 5.1.15.2 seeks guidance on whether multiple "actions" can be > specified in a single decision request. > > I feel that XACML should answer this question and send its conclusion in > a liaison to SAML. > > My feeling is that the answer is "No". If "applicable policy" is to be > identified with the resource/action pair, then multiple "applicable > policies" are involved when multiple actions are involved. Much > "cleaner" for there to be a single "applicable policy" for each decision > request. And, therefore, a single action per decision request. It is > no great hardship to submit multiple decision requests, in the event > that you need a decision for each of several actions. > > Any thoughts? All the best. Tim. > > ----------------------------------------- > Tim Moses > Tel: 613.270.3183 >
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC