Subject: Re: [xacml] Difference between Obligations and Conditions
Bill - Thanks for the reply. Yes in fact, I searched the xacml archives and posted much of that discussion to the OGSA-AuthZ list to contribute to the discussions. That brought about some of these discussions...

I think that some of the discussion comes from the differences between a condition, as defined in SAML, versus an obligation, as defined in XACML and how to reconcile the two. This of course requires a common understanding of their differences, in particular when trying to 'translate' between the two structures so as not to violate the semantics of the standards but retaining the intent (such as you outlined below for understandability, responsibility for action, etc).

r

On 1/12/04 11:16 AM, "Bill Parducci" <bill.parducci@overxeer.com> wrote:

> real quickly here's my understanding (and memory)...
>
> we have taken the position that a condition MUST be fulfilled to take
> action (precondition), while an obligation is more of a 'promissory
> note' (postcondition). in our model obligations MUST be understood, but
> MAY not go into effect until after the action is taken.
>
> another (implementational) differentiator in our model is that the PDP
> treats obligations as an opaque string, while it is up to the PEP to
> determine if the obligation is 'understandable' and operate upon it
> accordingly.
>
> b
>
> p.s. fyi: we had a similar discussion in feb 2002 on the xacml list.
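
The condition/obligation split described in the quoted message, as an added sketch that is not code from this thread or from the XACML specification. All names (`pdp_evaluate`, `PEP`, the obligation ids) are hypothetical, and refusing the action when an obligation is not understood is an assumption about how the PEP reacts.

```python
from dataclasses import dataclass, field

@dataclass
class Decision:
    effect: str                                      # "Permit" or "Deny"
    obligations: list = field(default_factory=list)  # opaque strings to the PDP

def pdp_evaluate(request, condition, obligations):
    """PDP side: the condition is a precondition checked before any Permit.
    Obligations are passed through unmodified; the PDP never interprets them."""
    if not condition(request):
        return Decision("Deny")
    return Decision("Permit", list(obligations))

class PEP:
    """PEP side: decides whether each obligation is understandable and acts on it."""
    def __init__(self, handlers):
        self.handlers = handlers   # obligation id -> callable(request)
        self.trace = []            # ordered record of what the PEP did

    def enforce(self, request, decision):
        if decision.effect != "Permit":
            self.trace.append("denied-by-pdp")
            return False
        # Every obligation must be understood before the action is taken.
        unknown = [o for o in decision.obligations if o not in self.handlers]
        if unknown:
            self.trace.append("refused-unknown:" + ",".join(unknown))
            return False           # assumption: not understood means no action
        self.trace.append("action:" + request["action"])
        # Obligations may go into effect only after the action (postcondition).
        for o in decision.obligations:
            self.handlers[o](request)
            self.trace.append("obligation:" + o)
        return True

def demo():
    # Constructed sample policy: access allowed only during office hours.
    in_hours = lambda r: 9 <= r["hour"] < 17
    pep = PEP({"audit-log": lambda r: None})
    req = {"action": "read", "hour": 10}
    ok = pep.enforce(req, pdp_evaluate(req, in_hours, ["audit-log"]))
    unknown = pep.enforce(req, pdp_evaluate(req, in_hours, ["notify-owner"]))
    late = dict(req, hour=22)
    pre = pep.enforce(late, pdp_evaluate(late, in_hours, ["audit-log"]))
    return ok, unknown, pre, pep.trace

if __name__ == "__main__":
    print(demo())
```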