[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: Re: [xacml] Proposed resolution to PM-1-02: Post-Conditions
This issue seems very similar to the IETF PKIX Working Group handling of "critical" extensions in public key certificates. The PKIX specs say: "A certificate using system MUST reject the certificate if it encounters a critical extension it does not recognize;..." Would the word "recognize", rather than "understand", help? Anne On 25 March, bill parducci writes: Re: [xacml] Proposed resolution to PM-1-02: Post-Conditions > i would suggest that this is 'practical syntactic comprehension'. for > example if the obligation states 'permit, but encode 3DES', the PEP > needs to have an internally actionable method that maps to the term > 'encode' and that method must support 3DES. if not, an ERROR condition > arises (and i would assume a DENY would follow). > > b > > Polar Humenn wrote: > > > On Fri, 22 Mar 2002, Michiharu Kudoh wrote: > > > > > > > >>If the PEP does not understand an obligation, the PEP should deny > >>access. > >> > > > > I'm sorry. I really have a problem with this statement. "What is the > > specification of "understand"? > > > > -Polar > > > > > > ---------------------------------------------------------------- > > To subscribe or unsubscribe from this elist use the subscription > > manager: <http://lists.oasis-open.org/ob/adm.pl> > > > > > > ---------------------------------------------------------------- > To subscribe or unsubscribe from this elist use the subscription > manager: <http://lists.oasis-open.org/ob/adm.pl> > -- Anne H. Anderson Email: Anne.Anderson@Sun.COM Sun Microsystems Laboratories 1 Network Drive,UBUR02-311 Tel: 781/442-0928 Burlington, MA 01803-0902 USA Fax: 781/442-1692
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC