OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Subject: RE: [xacml] 7.7 Obligations



>not sure how you come to this conclusion: conformance is now more difficult
for the reasons stated above. rather 
>than taking the position:

>"if you don't understand the decision, effectively DENY--ALL PEPs behave
the SAME"

Pardon me for repeating a question:  why DENY?  Is not a decision with
obligation just another kind of decision - and when an unambiguous and
deterministic decision is reached - XACML land ends.  Enforcement point may
lock you out of a building, or open floodgates and drown your town - on
either PERMIT, or DENY.  Or shut itself down when it cannot understand the
obligation.  It does not seem to me that the action taken by PEP is in the
scope of XACML at all.

And I agree - adding any protocol to communicate whether PEP understands
anything is an unworkable complexity..

Daniel;


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Powered by eList eXpress LLC