OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [xacml] Making progress?

Hi Rich.

> Unfortunately I missed the meeting this morning, however, Hal filled me in 
> on some details. In particular, Hal mentioned that in the Boeing 
> presentation that there was indicated a requirement for having Obligations 
> available at the Rule level, while they are currently available only at the 
> Policy level.

To provide some context, the actual requirement was slightly different. The
use-case here is being able to communicate back to a PEP why a decision
(typically a Deny) was made. This is something I've heard many others ask
for as well, so personally I think it's a good thing to support.

The discussion turned to Obligations because this is the only mechanism we
currently have to support the use-case. That is, a policy can include an
Obligation that (statically) describes why a given Policy resulted in
Permit or Deny.

I think this is hard to work with for several reasons. The main reason we
discussed is that Obligations cannot be included on Rules (or even lower),
though personally I think the name "Obligation" implies something specific
about what's returned that isn't really what we're trying to address here.
It's also harder to work with something that can't be dynamic in its use
of the Context (though Erik has suggested ways to address this).

I hope that helps in terms of why we were discussing this issue..


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]