[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Inconsistency in obligation enforcement
All, While cleaning up the use of obligation/advice/expression in the core spec, I noticed that there is an inconsistency regarding enforcement of obligations. Section 5.1, line 1703 says: "If the PEP does not understand, or cannot fulfill, any of the obligations, then it MUST act as if the PDP had returned a “Deny” authorization decision value. See Section 7.16." This contradicts section 7.2 which defines PEP bias. Since I think there was agreement in the past that we want to let the PEP bias determine what happens in case of failed obligations, I am editing in the following change: "If the PEP does not understand, or cannot fulfill, any of the obligations, then it MUST act according to the PEP bias. See Section 7.2 and 7.16." Please let me know if you are not in agreement. Best regards, Erik
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]