OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Re: [xacml] Updated working drafts posted


Hi Bill,

Ok, what about this:

"If any of the results to be combined contains any obligations, then the 
combined result MUST be Indeterminate, with status code processing-error".

It's probably best to have it like this until the time when we have a 
real solution to the issue.

Best regards,
Erik

On 12/16/2009 04:59 PM, bill parducci wrote:
> Erik
>    
>>> =>  It is unclear to me what should happen with obligations in
>>> combined decisions. I thought about it and it doesn't quite
>>> make sense to combine the obligations since each obligation
>>> is associated with a single decision on a particular resource
>>> (and subject, action, etc). For instance, an obligation such
>>> as "log-access-to-the-resource" does not make sense for a
>>> combined decision since it is not clear how the combined
>>> decision relates to the use of any specific resource. So, I
>>> made the specification so a combined decision never includes
>>> any obligations. If obligations are important, then the PEP
>>> has to request the full list of individual decisions with the
>>> obligations.
>>>        
>>      
> Paul
>    
>> I agree.  The only other way is to allow
>> "ObligationCombiningAlgorithms", and that would be complicated and
>> probably not be required for many real-world use cases.
>>      
> It seems counterintuitive that Obligations would effectively be dropped as this would be in variance with what the Author intended when writing the Policy. If we are going to punt on Obligation combination (I agree that it is a monstrous issue), then I suggest that Policies with Obligations not be combinable based on the assumption that the only entity that knows "if Obligations are important" is the Author (and I believe that Obligations are normative as of v3).
>
> b



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]