OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [xacml] Multiple obligations

On Jun 10, 2011, at 5:47 AM, <remon.sinnema@emc.com> wrote:

>> Things get more complicated if the combining algorithms do more than
>> simple conflict resolution between policies, like for instance majority
>> voting for the decision, in which case there would be more than one
>> rule
>> which "caused" the decision.
> I hadn't considered that possibility. I agree that that complicates things.

Also consider heterogenous Obligation definitions.

Obligation = encrypt: 3DES

Obligation = encrypt: AES-128

Both systems support an Obligation called "encrypt", but it means different things. This too is something that we attempted to address with ObligationFamilies (and why I suggest that if we are to "fix" the problem there needs to be a mechanism for PDP metadata to reference these constructs).


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]