OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [xacml] Difference between Obligations and Conditions

Bill - 

Thanks for the reply.  Yes in fact, I searched the xacml archives and posted
much of that discussion to the OGSA-AuthZ list to contribute to the
discussions.  That brought about some of these discussions...

I think that some of the discussion comes from the differences between a
condition, as defined in SAML, versus an obligation, as defined in XACML and
how to reconcile the two.  This of course requires a common understanding of
their differences, in particular when trying to 'translate' between the two
structures so as not to violate the semantics of the standards but retaining
the intent (such as you outlined below for understandability, responsibility
for action, etc).


On 1/12/04 11:16 AM, "Bill Parducci" <bill.parducci@overxeer.com> wrote:

> real quickly here's my understanding (and memory)...
> we have taken the position that a condition MUST be fulfilled to take
> action (precondition), while an obligation is more of a 'promissory
> note' (postcondition). in our model obligations MUST be understood, but
> MAY not go into effect until after the action is taken.
> another (implementational) differentiator in our model is that the PDP
> treats obligations as an opaque string, while it is up to the PEP to
> determine if the obligation is 'understandable' and operate upon it
> accordingly.
> b
> p.s. fyi: we had a similar discussion in feb 2002 on the xacml list.

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]