Dynamic Obligations, Select Function - Oleg Gryb - org.oasis-open.lists.xacml-comment

1 message in org.oasis-open.lists.xacml-commentDynamic Obligations, Select Function

From	Sent On	Attachments
Oleg Gryb	Jun 4, 2008 9:55 am

Subject:	Dynamic Obligations, Select Function
From:	Oleg Gryb (oleg...@yahoo.com)
Date:	Jun 4, 2008 9:55:05 am
List:	org.oasis-open.lists.xacml-comment

I had two problems when was trying to create an obligation dynamically and when was trying to select a value from a bag using an expression as an index. Please let me know if it's possible at all. If not, please consider these features for future implementations.

I needed to generate a "show-message" obligation that would explain a reason of "deny" to an authorization service consumer. The message depends on rules and is calculated dynamically.

However, I can only return <AttributeValue> that is interpreted literally by PDP. The wanted feature is to use an arbitrary "Expression" instead of <AttributeValue>, e.g. to use a variable that has been evaluated before.

The second problem: I could have all messages enlisted in a string bag. The wanted feature is to be able to create an expression and use it as an index to select a string from a bag.

Please let me know if there is a way of doing that in the current implementation.

	Start a set with this search
	Include this search in one of my sets
	Exclude this search from one of my sets