OASIS Mailing List Archives

xacml message



Subject: [xacml] Obligations



I don't like the proposal that if the PEP cannot perform all intended
obligations on a Permit that the access decision should be "Deny".

It really begs the question of the PDP knowing what the PEP can or cannot
fulfill in its policy evaluation, because it implies that if the
obligation cannot be fulfilled by the PEP, that according to the proposal,
it is actually really a Deny.

Even leaving the PDP out of it, the PEP may not know if it could fulfill
any operations until the PEP actually tries it. In the simplest scenario, the
obligation may not even terminate, or may be something like "delete record
after 60 days" as has been pointed out.

I think there may be a solution for that problem which is illustrated in a
paper by Nafty Minsky. It's quite old, 1985, but might be to the point.
The citation is below. I'll put the approach in our context:

Since the PDP is asked by the PEP for a specific access request, we might
want the PEP (or some other entity under control of the PEP) to keep track
of enacted obligations and make sure that they are fulfilled.

Obligations have the form of a triple of (deed, deadline, sanction) where the
semantics are to the PEP: The obligation says that the deed must be
fulfilled by the deadline, or else the sanction will be executed (i.e.
rectifying the situation). No, the sanction cannot be "deny".

You have to take the following philosophy:

Access has been granted with certain obligations and if obligations are
not fulfilled (by the deadline), then something is done to rectify the
situation, i.e. possibly: for being granted access some punishment is upon
you for not fulfilling the obligations.

This approach allows the PDP to tell the PEP what to do in the event that
the PEP cannot enforce the obligations to be met, within some time frame,
instead of trying to figure out whether obligations like (delete record in 60
days) can be fulfilled.

The Citation. It is available off of the ACM Portal.

Proceedings of the 8th international conference on Software engineering
1985, London, England

  Ensuring integrity by adding obligations to privileges

  Authors
    Naftaly H. Minsky
    Abe D. Lockman

  Sponsors
    IEEE-CS : Computer Society
    SIGSOFT : ACM Special Interest Group on Software Engineering

  Publisher
   IEEE Computer Society Press   Los Alamitos, CA, USA

    Pages: 92 - 102  Proceeding-Article
    Year of Publication: 1985
    ISBN:0-8186-0620-7


Cheers,
-Polar
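
The (deed, deadline, sanction) bookkeeping described in the message above, as an added example that is not part of the original post or of the cited paper. The names ObligationLedger, enforce, fulfil and tick, and the sample obligations, are hypothetical.

```python
from dataclasses import dataclass, field
from typing import Callable, List

DAY = 86400.0  # seconds

@dataclass
class Obligation:
    deed: str                    # what must be done
    deadline: float              # absolute time the deed is due
    sanction: Callable[[], str]  # corrective action, never a retroactive "Deny"
    state: str = "pending"       # pending -> fulfilled | sanctioned

@dataclass
class ObligationLedger:
    """Hypothetical tracker kept by the PEP for enacted obligations."""
    items: List[Obligation] = field(default_factory=list)

    def enforce(self, decision, obligations, now):
        # Access follows the PDP decision alone; obligations are recorded,
        # not pre-checked for feasibility.
        if decision != "Permit":
            return False
        for deed, delay, sanction in obligations:
            self.items.append(Obligation(deed, now + delay, sanction))
        return True

    def fulfil(self, deed, now):
        for ob in self.items:
            if ob.deed == deed and ob.state == "pending" and now <= ob.deadline:
                ob.state = "fulfilled"
                return True
        return False  # unknown deed, or the deadline has already passed

    def tick(self, now):
        """Run, once each, the sanctions of obligations past their deadline."""
        fired = []
        for ob in self.items:
            if ob.state == "pending" and now > ob.deadline:
                ob.state = "sanctioned"
                fired.append(ob.sanction())
        return fired

def demo():
    ledger = ObligationLedger()
    granted = ledger.enforce("Permit", [  # constructed sample obligations
        ("delete record", 60 * DAY, lambda: "purge record, notify owner"),
        ("write audit entry", 1 * DAY, lambda: "flag requester for review"),
    ], now=0.0)
    ledger.fulfil("write audit entry", now=3600.0)
    return granted, ledger.tick(30 * DAY), ledger.tick(61 * DAY)
```

A deed that never terminates needs no special handling here: it stays pending until its deadline passes and tick runs the sanction.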





