Subject: Re: [xacml] Call for Obligations
Has there been any work on obligations since xacml v2.0?

Some use cases:
Some of the things that pop up in mind with reference to obligations are:
a) Auditing. (Common use case).
b) Deny further requests on a particular subject if the number of unsuccessful authorization requests > n times. (More of a DOS use case).
   - Blacklist a subject.

Priority among ObligationCategoryMembers:
http://wiki.oasis-open.org/xacml/DiscussionOnObligations
In the case of "encrypt" category, what if the PEP is unable to encrypt using "3DES" but can do "blowfish"? I think there is scope for levels of priority here with reference to obligation categories for the various members.

Optional Obligations:
I am also wondering if there is scope to specify whether a particular obligation is required or optional. The reason is if a particular PEP is not able to perform a particular obligation, then it is non-reasonable to deny a particular access. A policy writer should be able to specify obligations that are mandatory and some that are optional (e.g., logging for performance purposes).

Sorry if I have been way off-topic.

Bill Parducci wrote:
> As we explore ways to create a model for handling more complex Obligation
> combinations it will be very helpful to gather Use Cases and/or
> descriptions of Obligations that are (or are planned to be) used in the
> field. This will help us create Obligation Categories and from that
> hopefully develop a model that will be both flexible and deterministic in
> combining the slippery little things.
>
> Please post your contributions to the list or email me directly if you
> aren't able to post to the list. All input is welcome.
>
> thanks
>
> b
>

--
Anil Saldhana
JBoss Security & Identity Management
http://labs.jboss.com/portal/jbosssecurity/
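
Added example, not part of the original message or of the XACML specification: a sketch of how a PEP could resolve the two ideas raised in the message above, priority among the members of an obligation category and optional versus mandatory obligations. The `required` flag, the ordered `members` list, the capability map and all names are assumptions for illustration; XACML 2.0 has no such flag and expects the PEP to refuse access when it cannot discharge an obligation.

```python
from dataclasses import dataclass


@dataclass
class Obligation:
    category: str          # e.g. "encrypt", "audit"
    members: list          # acceptable members, highest priority first (assumed model)
    required: bool = True  # hypothetical flag; XACML 2.0 treats every obligation as mandatory


def enforce(decision, obligations, pep_capabilities):
    """Resolve obligations for a deny-biased PEP.

    Returns (final_decision, actions, skipped_optional). Nothing is executed
    here: actions are only planned, so an obligation that cannot be met later
    in the list never leaves earlier side effects behind on a Deny.
    Only obligations attached to a Permit are modelled.
    """
    if decision != "Permit":
        return "Deny", [], []
    actions, skipped = [], []
    for ob in obligations:
        supported = pep_capabilities.get(ob.category, set())
        # Pick the first (highest-priority) member this PEP can perform.
        chosen = next((m for m in ob.members if m in supported), None)
        if chosen is not None:
            actions.append((ob.category, chosen))
        elif ob.required:
            # Fail closed: an unmet mandatory obligation overrides the Permit.
            return "Deny", [], skipped
        else:
            skipped.append(ob.category)
    return "Permit", actions, skipped


# Constructed sample data: the PEP cannot do 3DES but can do blowfish.
PEP_CAPS = {"encrypt": {"blowfish"}, "audit": {"syslog"}}
OBLIGATIONS = [
    Obligation("encrypt", ["3DES", "blowfish"]),
    Obligation("audit", ["syslog"]),
    Obligation("log-performance", ["statsd"], required=False),
]

if __name__ == "__main__":
    print(enforce("Permit", OBLIGATIONS, PEP_CAPS))
    print(enforce("Permit", OBLIGATIONS, {"audit": {"syslog"}}))
```
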