Subject: [xacml] Inconsistency in obligation enforcement
From: Erik Rissanen (er@axiomatics.com)
Date: Nov 16, 2009 4:42:01 am
List: org.oasis-open.lists.xacml

All,

While cleaning up the use of obligation/advice/expression in the core spec, I noticed that there is an inconsistency regarding enforcement of obligations. Section 5.1, line 1703 says:

"If the PEP does not understand, or cannot fulfill, any of the obligations, then it MUST act as if the PDP had returned a “Deny” authorization decision value. See Section 7.16."

This contradicts section 7.2 which defines PEP bias. Since I think there was agreement in the past that we want to let the PEP bias determine what happens in case of failed obligations, I am editing in the following change:

"If the PEP does not understand, or cannot fulfill, any of the obligations, then it MUST act according to the PEP bias. See Section 7.2 and 7.16."

Please let me know if you are not in agreement.

Best regards, Erik
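
The difference between the two wordings quoted in the message above, as an added Python example that is not part of the original message or of the specification. The deny-biased and permit-biased rules are encoded as assumed from section 7.2 of the published XACML 3.0 core spec; the obligation ids, handler table and function names are constructed for illustration.

```python
from enum import Enum

class Decision(Enum):
    PERMIT = "Permit"
    DENY = "Deny"
    NOT_APPLICABLE = "NotApplicable"
    INDETERMINATE = "Indeterminate"

def discharge(obligations, handlers):
    """True only if every obligation is understood and its handler succeeds."""
    if any(ob["id"] not in handlers for ob in obligations):
        return False  # not understood: run none of them
    try:
        return all(handlers[ob["id"]](ob) for ob in obligations)
    except Exception:
        return False  # understood but could not be fulfilled

def enforce(decision, obligations, handlers, bias, rule):
    """Return True if the PEP grants access.

    bias: "deny" or "permit" (section 7.2 PEP types, assumed as in the lead-in).
    rule: "old-5.1"  = a failed obligation is treated as Deny;
          "pep-bias" = a failed obligation is resolved by the PEP bias.
    """
    if bias not in ("deny", "permit"):
        raise ValueError("unknown PEP bias: %r" % (bias,))
    ok = discharge(obligations, handlers)
    if rule == "old-5.1" and not ok:
        return False
    if bias == "deny":
        return decision is Decision.PERMIT and ok
    # permit-biased: deny only on a Deny whose obligations were discharged
    return not (decision is Decision.DENY and ok)

# Constructed sample data: one obligation the PEP understands, one it does not.
AUDIT = {"id": "urn:example:obligation:audit-log"}
UNKNOWN = {"id": "urn:example:obligation:notify-owner"}
HANDLERS = {AUDIT["id"]: lambda ob: True}

def compare(decision, obligations, bias):
    """(granted under old 5.1 wording, granted under proposed wording)."""
    return tuple(enforce(decision, obligations, HANDLERS, bias, r)
                 for r in ("old-5.1", "pep-bias"))

if __name__ == "__main__":
    for bias in ("deny", "permit"):
        for d in (Decision.PERMIT, Decision.DENY):
            print(bias, d.value, compare(d, [AUDIT, UNKNOWN], bias))
```

Under these assumptions the two wordings disagree only for a permit-biased PEP that cannot discharge an obligation: the old text denies access, the proposed text grants it.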