[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: Re: [xacml] [model] Proposal of Post Condition
Yes. In your list of the terms, I prefer "provision" the most and "obligation" is the next. Do you think that "obligation" better describes the notion than "provision"? I think that how post-condition is specified and computed would be more debatable. Since v0.9 is available, I give a potential syntax below: <policyStatement> <target> <subjects>... <resources>... <actions>... </target> <policy> <predicate>... </policy> <post-condition> <onTrue> <operation uri="..."/> </onTrue> <onFalse> <operation uri="..."/> </onFalse> </post-condition> </policyStatement> The post-condition is computed: 1. When the expression for <target> holds true, then the post-condition flag is set to on. Otherwise, this policy is not applicable and no post-condition is returned. 2. If the post-condition flag is on and if <policy> is evaluated true, then the post-conditions in <onTrue> (if exists) is returned as the result of the computation. In case of no <onTrue>, no post-condition is returned. 3. If the post-condition flag is on and If <policy> is evaluated as false, then the post-conditions in <onFalse> (if exists) is returned as the result of the computation. In case of no <onFalse>, no post-condition is returned. Does that make sense? Regards, Michiharu Kudo IBM Tokyo Research Laboratory, Internet Technology Tel. +81 (46) 215-4642 Fax +81 (46) 273-7428 From: bill parducci <bill@parducci.net> on 2002/02/15 15:09 To: "XACML TC <xacml" cc: Subject: Re: [xacml] [model] Proposal of Post Condition > Do you think that the term "post-condition" is not the right word? > If so, what do you think the best term for the notion of this kind? for me, one of the problems with the term 'post-condition' is that it technically refers to the *state* of something after an event, not something that must be done (as is the case with the term 'pre-condition'). this can become confusing when working in other contexts (like UML: "Postconditions - Describe the state of the system, and perhaps the actors, after the use case is complete...") for starters, how about these? stipulation provision proviso constraint obligation caveat directive regulation i am sure we can come with a number of alternative terms that will work. personally, i like 'obligation', because in this model this is really what you have: the PEP has an obligation to enforce the rulings of the PDP (i.e. GRANT) under the terms defined by the PDP (e.g. 'delete after 30 days') -- if it cannot it must DENY. does that make sense? b ---------------------------------------------------------------- To subscribe or unsubscribe from this elist use the subscription manager: <http://lists.oasis-open.org/ob/adm.pl>
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC