[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [xacml] The new advice "obligation"
> The <Advice> (if we call it so) is similar to an obligation, but it > can > be ignored by the PEP. It is intended as extra information about the > decision, like a reason for why an access was permitted or denied. Not > as a requirement for the PEP to perform an action. > > Best regards, > Erik > I think this is a bad naming idea. XACML should not be in the business of prescribing what PEP does with decision metadata, and certainly we should not enshrine it in the schema. As I have already mentioned, "obligation" was a bad choice of a term to start with. Simple fact is that decision is not a boolean, and it is implementation/profile defined what any other facet of the decision means. We should just pick a neutral term and leave everything else to profiles. Daniel;