Subject: Re: [xacml] another small time/date issue
why not? it is conceivable that it would information that the requestor does not--or should not--have that could be used for accessing secondary information necessary to derive a decision. as you pointed out earlier this falls into the realm of operational control, and as such is beyond the XACML scope. still, it doesn't mean that XACML doesn't play a role in each decision. b Daniel Engovatov wrote: > ..but PDP is not intended to be a source (for "adding/enhancing") of > information, is it? In most cases, one would expect the same piece of > code to somehow provide both PDP and PIP services, but for the purpose > of the standard these are two very distinct activities, I would imagine. > > Same reason as for why the bags are not ordered. Attempt to prescribe > how it is to be done may be too much for us to tackle, and I am not sure > that we should try. XACML is deterministic given that PIP and request > provides the exact same data, but does not require that, beyond the > statement that condition functions shall not have side effects and shall > return the same response for the same arguments every time. > > D.