OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Subject: Re: [xacml] XACML Issues List Version 01


Hi,

> I too would like to see actions in this context.

in today's TC concall, some people mentioned that "action" is already used
with different semantics (=the operation the principal is requesting). 
that's true, so we should find another term.

the point is, however, that the semantics of "postconditions" now seems 
really to be a reaction of the system, not the evaluation of a state, so 
terminology should reflect the semantics.

> However, I have a question. What is the purpose for actions (i.e.  these
> post conditions) after checking a policy? What types of actions are
> allowed? 

examples that were brough up for post-conditions were things like "logging 
the request", essentially they are actions that the system executes in 
response to granting an access, or simply having evaluated the 
authorizations (discussion on the specific behavior is still open).

> Do they change the state of the policy?

if you mean the set of rules i guess the answer is no (they should not 
change the rules). 
but again, post-conditions are one of the issues which have not discussed 
fully.

best
-p




[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Powered by eList eXpress LLC