
xacml message



Subject: Re: [xacml] [model] Proposal of Post Condition



Yes. In your list of the terms, I prefer "provision" the most and
"obligation" is the next. Do you think that "obligation" better describes
the notion than "provision"?

I think that how post-condition is specified and computed would be more
debatable. Since v0.9 is available, I give a potential syntax below:

<policyStatement>
  <target>
    <subjects>...
    <resources>...
    <actions>...
  </target>
  <policy>
    <predicate>...
  </policy>
  <post-condition>
    <onTrue>
      <operation uri="..."/>
    </onTrue>
    <onFalse>
      <operation uri="..."/>
    </onFalse>
  </post-condition>
</policyStatement>

The post-condition is computed:
1. When the expression for <target> holds true, then the post-condition
flag is set to on. Otherwise, this policy is not applicable and no
post-condition is returned.

2. If the post-condition flag is on and if <policy> is evaluated true, then
the post-conditions in <onTrue> (if it exists) are returned as the result of
the computation. In case of no <onTrue>, no post-condition is returned.

3. If the post-condition flag is on and if <policy> is evaluated as false,
then the post-conditions in <onFalse> (if it exists) are returned as the result
of the computation. In case of no <onFalse>, no post-condition is returned.

Does that make sense?

Regards,
Michiharu Kudo

IBM Tokyo Research Laboratory, Internet Technology
Tel. +81 (46) 215-4642   Fax +81 (46) 273-7428



From: bill parducci <bill@parducci.net> on 2002/02/15 15:09

To:   "XACML TC <xacml"
cc:
Subject:  Re: [xacml] [model] Proposal of Post Condition



> Do you think that the term "post-condition" is not the right word?
> If so, what do you think the best term for the notion of this kind?

for me, one of the problems with the term 'post-condition' is that it
technically refers to the *state* of something after an event, not
something that must be done (as is the case with the term
'pre-condition'). this can become confusing when working in other
contexts (like UML: "Postconditions - Describe the state of the system,
and perhaps the actors, after the use case is complete...")

for starters, how about these?

stipulation
provision
proviso
constraint
obligation

caveat
directive
regulation

i am sure we can come up with a number of alternative terms that will work.
personally, i like 'obligation', because in this model this is really
what you have: the PEP has an obligation to enforce the rulings of the
PDP (i.e. GRANT) under the terms defined by the PDP (e.g. 'delete after
30 days') -- if it cannot it must DENY.

does that make sense?

b
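
The three-step computation described in the reply above, as an added example that is not part of the original messages. The sample statement, its element contents and the operation URIs are constructed, and `target_holds` / `policy_holds` are hypothetical callables, since the proposal leaves the evaluation of <target> and <predicate> unspecified.

```python
import xml.etree.ElementTree as ET

# Constructed sample following the syntax proposed in the message. The
# contents of <target> and <predicate> and the operation URIs are placeholders.
SAMPLE = """
<policyStatement>
  <target>
    <subjects>doctor</subjects>
    <resources>medical-record</resources>
    <actions>read</actions>
  </target>
  <policy>
    <predicate>on-duty</predicate>
  </policy>
  <post-condition>
    <onTrue>
      <operation uri="urn:example:log-access"/>
    </onTrue>
    <onFalse>
      <operation uri="urn:example:notify-admin"/>
      <operation uri="urn:example:log-denial"/>
    </onFalse>
  </post-condition>
</policyStatement>
"""


def compute_post_condition(statement_xml, target_holds, policy_holds):
    """Return (applicable, operation URIs) for one <policyStatement>.

    target_holds and policy_holds are hypothetical callables that take the
    <target> / <policy> element and return a bool; the proposal does not
    define how those expressions are evaluated.
    """
    root = ET.fromstring(statement_xml)
    # Step 1: the flag is on only when the <target> expression holds.
    if not target_holds(root.find("target")):
        return False, []          # not applicable, nothing returned
    # Steps 2 and 3: pick the branch matching the <policy> result.
    branch = "onTrue" if policy_holds(root.find("policy")) else "onFalse"
    post = root.find("post-condition")
    node = post.find(branch) if post is not None else None
    if node is None:              # branch (or whole <post-condition>) absent
        return True, []
    return True, [op.get("uri") for op in node.findall("operation")]
```

The first element of the result separates "not applicable" from "applicable but the matching branch is absent", two cases in which the described computation returns no post-condition.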
