Subject: Re: [xacml] 7.7 Obligations
On Mon, 7 Oct 2002, bill parducci wrote:

> this is in reference to the pEp (which doesn't do 'extra fancy rule and
> policy recombination algorithm' stuff).
>
> the idea is that *regardless* of what the pDp returns to the pEp in
> terms of an azn decision, the pEp DENIES access to the Resource by the
> Subject if the associated Obligation is not understandable.

It appears to me that this document merely describes a language, such that when a formula of the language is well formed, when evaluated against a specific valid input, yields a consistent result. What the PEP does with that result is up to the PEP.

This advice should be non-normative. The normative part should only outline the specific manner in which obligations are collected in a particular way, according to the language, and delivered in the result.

Cheers,
-Polar

> b
>
> Daniel Engovatov wrote:
> >
> >>The PDP just collects obligations; it is not responsible for
> >>enforcing them. The PEP is responsible for enforcing
> >>obligations. If the PEP does not understand an obligation, it
> >>should deny access.
> >
> > DENY? What if it is using some extra fancy rule and policy recombination
> > algorithm that never returns denies - only PERMIT and NONAPPLICABLE.
> >
> > Maybe it should be worded such that it is up PEP MUST recognize this, but
> > what to do is up to an implementation?
> >
> > Daniel
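
The PEP behaviour debated in this thread, sketched as an added example (not code from the XACML specification or from any participant): the PEP refuses access whenever the PDP result carries an obligation it has no handler for, whatever the decision. The `Result` and `PEP` names, the obligation identifiers, and treating any decision other than Permit as no access are assumptions of this sketch.

```python
from dataclasses import dataclass, field

PERMIT, DENY, NOT_APPLICABLE = "Permit", "Deny", "NotApplicable"

@dataclass
class Result:
    """What the PDP hands back: a decision plus the obligations it collected."""
    decision: str
    obligations: list = field(default_factory=list)  # [(obligation_id, attrs), ...]

class PEP:
    def __init__(self):
        self.handlers = {}  # obligation_id -> callable(attrs) -> bool

    def register(self, obligation_id, handler):
        self.handlers[obligation_id] = handler

    def enforce(self, result):
        """Return (access_granted, reason)."""
        # Check that every obligation is understood *before* acting on any,
        # so an unknown one cannot be skipped after side effects have started.
        unknown = [oid for oid, _ in result.obligations if oid not in self.handlers]
        if unknown:
            return False, "not understood: " + ", ".join(unknown)
        # Discharge the obligations; a handler that fails also blocks access.
        for oid, attrs in result.obligations:
            if not self.handlers[oid](attrs):
                return False, "failed: " + oid
        # Assumption of this sketch: only an explicit Permit opens the resource.
        if result.decision != PERMIT:
            return False, "decision was " + result.decision
        return True, "permit, obligations discharged"

# Constructed sample data: these identifiers are made up for the example.
AUDIT = "urn:example:obligation:audit-log"
ENCRYPT = "urn:example:obligation:encrypt-response"

def demo():
    audit_trail = []
    pep = PEP()
    pep.register(AUDIT, lambda attrs: audit_trail.append(attrs) is None)
    return [
        pep.enforce(Result(PERMIT, [(AUDIT, {"subject": "alice"})])),
        pep.enforce(Result(PERMIT, [(AUDIT, {}), (ENCRYPT, {})])),
        pep.enforce(Result(NOT_APPLICABLE, [(ENCRYPT, {})])),
    ]

if __name__ == "__main__":
    for granted, reason in demo():
        print(granted, reason)
```

The third case is the one Daniel raises: the PDP never says Deny, yet the PEP still withholds access because the obligation is not understood.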