OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Issues Relating to Obligations

I (finally) got around to providing some comments to privately Mohammad on the Obligation Profile for Healthcare. I hope that other members of the TC will find the time to take a close look at the next draft when he is able to publish it. It has raised in my mind some questions which I would like to get the TCs opinion on.

If time permits, I would like to introduce these questions on the call today, at least to get people started in thinking about them.

1. Obviously Mohammad and Mike want to complete a Profile which is specific to healthcare, but I am reluctant to support an approach which might not be suitable for use with other Obligation Profiles. I would like to get this mostly right the first time and not have to redo it shortly after it is finished. Besides the Obligations family effort, I have seen work by another organization which also bears on the issue. Unfortunately I believe what I have from them is under non-disclosure (just a lawyer thing) but I will try to get at least some requirements which I will share with the TC.

The biggest difference I believe between the families work and the current profile is that Families envision one set of declarations of the properties of families and different set of declarations of individual Obligations including what family they belong to.

2. Can we define a complete or at least a useful subset of Obligation handling which can be handled entirely outside of the PDP? I seem to remember Bill telling me no, but I am not sure. Changing PDP functionality at this stage seems more difficult. Further, I have already heard some different proposals for changes which could occur if we were to change PDP functionality, so this approach needs to be considered carefully.

3. Another issue I am trying to remember is the question that current combining methods allow applicable policies and rules to be skipped if the value of the Effect can be determined without them. This means that some Obligations in applicable policies may not be discovered. This was debated extensively in the old days. (I am and was firmly in the optimized evaluation camp.) My recollection of the final resolution was that thru the proper choice of combining methods, it is possible to force all policies to be evaluated. Does anyone know if this is true? Bill or anybody else do you remember this debate and its outcome?


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]