Subject: Re: [xacml] Re: [xacml-comment] Incomplete: behavior if <Obligations>present but not supported
I would suggest that if the PDP encounters any optional-to-implement feature that it doesn't support (e.g., a PDP that doesn't support obligations parsing a policy that contains obligations) that this is an error case. The only question is how that error is handled. Since there are no optional features that can be put in a request, the only problems will happen when a policy is handled by a PDP.

A policy may get parsed by a PDP at startup time, or when a request causes the PDP to go looking for a policy. In the first case, there is no request from a user, so there is no correct error to return (an implementor should probably tell the person starting the PDP that an error occurred and that a certain policy cannot be used by the PDP). In the second case, this is a processing error. I would think that INDETERMINATE should be returned to the PEP, and if Status is supported by the PDP, a Status of PROCESSING ERROR should be included.

This should cover all optional-to-implement features like XPath, Obligations, etc.

seth
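
The two cases described in the message above, as an added sketch that is not part of the original post or of any XACML implementation. The feature table, function names, sample policies and the toy rule evaluation are assumptions made for illustration; the status value is the XACML 1.0 processing-error identifier.

```python
import xml.etree.ElementTree as ET

# Assumption: optional features this hypothetical PDP does not implement,
# keyed by the policy element that needs them.
UNSUPPORTED = {"Obligations": "obligations", "AttributeSelector": "XPath"}
PROCESSING_ERROR = "urn:oasis:names:tc:xacml:1.0:status:processing-error"

# Constructed sample policies (simplified, no namespace).
PLAIN = '<Policy PolicyId="p1"><Rule RuleId="r1" Effect="Permit"/></Policy>'
WITH_OBLIGATIONS = (
    '<Policy PolicyId="p2"><Rule RuleId="r1" Effect="Permit"/>'
    '<Obligations><Obligation ObligationId="log" FulfillOn="Permit"/>'
    '</Obligations></Policy>')

class UnsupportedFeature(Exception):
    """A policy uses an optional feature the PDP does not implement."""

def local(el):
    # Strip any "{namespace}" prefix ElementTree puts on tag names.
    return el.tag.rsplit("}", 1)[-1]

def load_policy(xml_text):
    """Parse a policy; refuse it rather than silently skip unknown features."""
    root = ET.fromstring(xml_text)
    for el in root.iter():
        if local(el) in UNSUPPORTED:
            raise UnsupportedFeature(
                f"<{local(el)}> requires {UNSUPPORTED[local(el)]} support")
    return root

def load_at_startup(policies):
    """Case 1: no request exists, so report to the operator and drop the policy."""
    usable, rejected = {}, {}
    for name, text in policies.items():
        try:
            usable[name] = load_policy(text)
        except UnsupportedFeature as err:
            rejected[name] = str(err)
    return usable, rejected

def evaluate(policy_text, status_supported=True):
    """Case 2: the policy is fetched while serving a request."""
    try:
        policy = load_policy(policy_text)
    except UnsupportedFeature:
        result = {"Decision": "Indeterminate"}
        if status_supported:
            result["Status"] = PROCESSING_ERROR
        return result
    # Assumption: toy evaluation, the first Rule's Effect applies unconditionally.
    rule = next(el for el in policy.iter() if local(el) == "Rule")
    return {"Decision": rule.get("Effect")}
```
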