OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: Re: [xacml] Multiple actions per decision request

i concur. i think that the process by which the appropriate policies are 
determined will not be able to handle this. it will be hard enough to 
determine rule applicability with a single object/target/thingie.


Tim Moses wrote:

> Colleagues - In the SAML issues document,
> http://www.oasis-open.org/committees/security/docs/draft-sstc-core-discussion-01.doc 
> ... Issue seeks guidance on whether multiple "actions" can be 
> specified in a single decision request.
> I feel that XACML should answer this question and send its conclusion in 
> a liaison to SAML.
> My feeling is that the answer is "No".  If "applicable policy" is to be 
> identified with the resource/action pair, then multiple "applicable 
> policies" are involved when multiple actions are involved.  Much 
> "cleaner" for there to be a single "applicable policy" for each decision 
> request.  And, therefore, a single action per decision request.  It is 
> no great hardship to submit multiple decision requests, in the event 
> that you need a decision for each of several actions.
> Any thoughts?  All the best.  Tim.
> -----------------------------------------
> Tim Moses
> Tel: 613.270.3183

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC