[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [xacml] Multiple obligations
On Jun 10, 2011, at 5:47 AM, <remon.sinnema@emc.com> wrote: >> Things get more complicated if the combining algorithms do more than >> simple conflict resolution between policies, like for instance majority >> voting for the decision, in which case there would be more than one >> rule >> which "caused" the decision. > > I hadn't considered that possibility. I agree that that complicates things. Also consider heterogenous Obligation definitions. PDP/PIP A Obligation = encrypt: 3DES PDP/PIP B Obligation = encrypt: AES-128 Both systems support an Obligation called "encrypt", but it means different things. This too is something that we attempted to address with ObligationFamilies (and why I suggest that if we are to "fix" the problem there needs to be a mechanism for PDP metadata to reference these constructs). b
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]