Subject: RE: [xacml] Discussion summary and revised post-condition proposal
Hi Michiharu,
Thank you (and the other members of the sub-sub-committee) for your careful write-up! I have one small comment.
----------
From: Michiharu Kudoh[SMTP:KUDO@jp.ibm.com]
Sent: Thursday, February 21, 2002 5:27 AM
To: XACML TC
Subject: [xacml] Discussion summary and revised post-condition proposal
3.3 Return provisions to PEP
PDP just returns the resolved provisions back to PEP. We assume here that
PDP is not configured to support provisions. PDP-supported provision is
outside the scope of XACML.
Alternatively, we could take the following position.
The PDP gathers together all the resolved obligations (i.e., all the obligations that are relevant, given the evaluation of the policy). If it is able to support any of those obligations itself, it will do so. Those that it cannot support, it returns to the PEP in the AuthorizationDecisionWithObligationStatement.
That is, rather than saying that the PDP is not configured to support obligations, we leave it entirely open. It may or may not support obligations; that is an implementation choice. However, any policy-required obligations that it cannot support must be passed along to the PEP.
Carlisle.
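
The two positions in this message can be compared side by side in a small model. The sketch below is an added example, not part of the original e-mail or of any XACML draft: the PDP class, the handler registry, the obligation identifiers and the Response type (standing in for the AuthorizationDecisionWithObligationStatement) are all hypothetical. Treating a failing handler as "cannot support" is an assumption.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List


@dataclass(frozen=True)
class Obligation:
    obligation_id: str  # constructed identifiers, not taken from any XACML draft


@dataclass
class Response:
    decision: str
    handled_by_pdp: List[str] = field(default_factory=list)
    returned_to_pep: List[Obligation] = field(default_factory=list)


class PDP:
    """Hypothetical PDP; `handlers` maps obligation id -> local implementation."""

    def __init__(self, handlers: Dict[str, Callable[[Obligation], None]]):
        self.handlers = handlers

    def respond(self, decision: str, resolved: List[Obligation]) -> Response:
        resp = Response(decision)
        for ob in resolved:
            handler = self.handlers.get(ob.obligation_id)
            try:
                if handler is None:
                    raise LookupError("not supported by this PDP")
                handler(ob)
                resp.handled_by_pdp.append(ob.obligation_id)
            except Exception:
                # Assumption: a handler that fails counts as "cannot support",
                # so the obligation is passed on rather than silently dropped.
                resp.returned_to_pep.append(ob)
        return resp


def failing_handler(ob: Obligation) -> None:
    raise RuntimeError("audit store unavailable")  # constructed failure


# Constructed sample: obligations already resolved for a Permit decision.
RESOLVED = [Obligation("audit-log"), Obligation("notify-owner"), Obligation("encrypt-result")]
AUDIT_TRAIL: List[str] = []

no_support = PDP({})  # the position in section 3.3: PDP supports nothing
partial = PDP({"audit-log": lambda ob: AUDIT_TRAIL.append(ob.obligation_id)})
degraded = PDP({"audit-log": failing_handler})
```

In every configuration each resolved obligation ends up either handled by the PDP or returned to the PEP, which is the property the alternative wording requires.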