OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: Re: [xacml] Re: [xacml-comment] Incomplete: behavior if <Obligations>present but not supported

I would suggest that if the PDP encounters any optional-to-implement feature
that it doesn't support (eg, a PDP that doesn't support obligations parsing
a policy that contains obligations) that this is an error case. The only
question is how that error is handled.

Since there are no optional features that can be put in a request, the only
problems will happen when a policy is handled by a PDP. A policy may get
parsed by a PDP at startup time, or when a request causes the PDP to go
looking for a policy. In the first case, there is no request from a user,
so there is no correct error to return (an implementor should probably tell
the person starting the PDP that an error occured and that a certain policy
can not be used by the PDP). In the second case, this is a processing error.
I would think that INDETERMINTAE shuold be returned to the PEP, and if Status
is supported by the PDP, a Status of PROCESSING ERROR should be included.

This should cover all optional-to-implement features like XPath, Obligations,


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC