[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [xacml] three questions: string-not-equal & valid FulfillOn attributevalues & placement of variableDefintions
On May 30, 2011, at 8:14 AM, Erik Rissanen wrote: >> 2. Is there a reason why one can not define an ObligationExpression with a FulfillOn=”Indeterminate” value? > > Maybe someone from the XACML 1.0 era here could respond better, but it seems a bit weird to put enforcement actions in an error, meaning that we don't even know whether a policy applied or not. I don't have done a formal analysis of a the matter though. Yes, this is my recollection of this. Obligation combination is a very difficult problem and introducing it into decisions other than Permit and Deny was considered untenable. (e.g. consider the ramifications of the Extended Indeterminate Uses Cases we have been discussing, or Deny|Permit overrides scenarios). b
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]