[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: [xacml] Problem Statement for "Define new combining algorithms fordeterministic Obligations"
This is a concrete problem statement for the XACML 1.1 work item titled "Define new combining algorithms for deterministic Obligations". The policy combining algorithm defined in the XACML spec has problems when it deals with policy with obligations (no problem when policy has no obligations). Since the combining algorithm is defined in indeterministic way (except for first-applicable), the obligation(s) returned by the algorithm may differ because of that inderministic property. This problem was posted on the comment mailing-list: http://lists.oasis-open.org/archives/xacml-comment/200301/msg00024.html. In addition, the current spec needs more explanatory text about how to generate obligations from policy. Therefore, XACML should define additional policy combining algorithm(s) that deterministically returns the obligations and revise the corresponding texts. Michiharu Kudo
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]