Re: [xacml] [EXTERNAL] [xacml] Default behavior for unrecognized resource attributes?

[William Parducci <bill@parducci.net>]

On Jan 15, 2016, at 1:17 AM, Erik Rissanen <erik@axiomatics.com> wrote:

If you want to specify a mechanism of detecting this specific kind of error, it should be done by means of metadata. The PDP could publish a statement saying "I am operating with a policy which has been authored with the attributes foo, bar, ... in mind." Whether that means that all attributes are used or not is something which the policy author decides. In any case, the PEP can check whether the attributes it thinks are relevant have been taken into account when the policies were authored.

Agreed. This could also be handled by version information retained in PDP metadata. This is something that we discussed in the past. It is more general, but would ensure there isn’t an impedance mismatch on evaluation.

b