[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: Re: [xacml] 7.7 Obligations
this is in reference to the pEp (which doesn't do 'extra fancy rule and policy recombination algorithm' stuff). the idea is that *regardless* of what the pDp returns to the pEp in terms of an azn decision, the pEp DENIES access to the Resource by the Subject if the associated Obligation is not understandable. b Daniel Engovatov wrote: > > > >>The PDP just collects obligations; it is not responsible for >>enforcing them. The PEP is responsible for enforcing >>obligations. If the PEP does not understand an obligation, it >>should deny access. > > > DENY? What if it is using some extra fancy rule and policy recombination > algorithm that never returns denies - only PERMIT and NONAPPLICABLE. > > Maybe it should be worded such that it is up PEP MUST recognize this, but > what to do is up to an implemention? > > Daniel > > ---------------------------------------------------------------- > To subscribe or unsubscribe from this elist use the subscription > manager: <http://lists.oasis-open.org/ob/adm.pl>
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC