[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: Re: [xacml] XACML Issues List Version 01
Hi > I believe Periangela's list was missing one issue from Tim, so that will > have to be added in. yes, i was missing a proposal by Tim with respect to issue [PM-1-02: Post-conditions]. I included it in by changing the description of the issue in my copy while on the concall monday as reported below. could you pls substitute the paragraph below to the current one? thx. best -p ---------------------------------------- * post-condition. The current schema [Tim, Jan.3] mentions post-conditions, distinguishing between external and internal, depending on whether their execution requires dialoging with external entities. The current schema suggests (via a comment) that post-conditions can be expressed as invocations of SOAP services. Post-conditions are still to be discussed in details: what is their semantics; how are they executed? A complication of post-conditions associated with a rule involves the distributed scenario (see POLICY COMPOSITION issue). In fact, if I say that a post-condition should be applied whenever a rule fires then I have to evaluate *all* rules. A possible way to overcome this problem is to consider that post-conditions associated with the authorizations that were evaluated to get to an access decision should be executed [Tim]. Note: a possible drawback of this approach is that deterministic behavior may be lost. For instance, there may be N rules applying to an access. If the evaluation of 1 of them brings to a ``permit'' decision (so there is no need to evaluate the others). Then, you would ignore the postconditions possibly associated with the other N-1. Different execution of the same request on the same state could then have a different behavior (because a different rule is considered as authorizing the request. ------------------------------------------------------------
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC