you make a good point, however, i for one am not suggesting that the PEP
*perform* all obligations to effect a grant. what i have proposed is
that the PEP must *understand* the obligations to do so. to use your
example this means that the PEP must know what "delete record after 60
days" means to allow access. to my mind, a lack of understanding on the
part of the PEP is clearly an ERROR condition, and that will most
certainly result in a deny.
b
Polar Humenn wrote:
> I don't like the proposal that if the PEP cannot perform all intended
> obligations on a Permit that the access decision should be "Deny".
>
> It really begs the question of the PDP knowing what the PEP can or cannot
> fulfill in its policy evaluation, because it implies that if the
> obligation cannot be fulfilled by the PEP, that according to the proposal,
> it is actually really a Deny.
>
> Even leaving the PDP out of it, the PEP may not know if it could fulfill
> any operations until the PEP actually tries it. In the simplest scenario, the
> obligation may not even terminate, or may be something like "delete record
> after 60 days" as has been pointed out.
>
> I think there may be a solution for that problem which is illustrated in a
> paper by Nafty Minsky. It's quite old, 1985, but might be to the point.
> The citation is below. I'll put the approach in our context:
>
> Since the PDP is asked by the PEP for a specific access request, we might
> want the PEP (or some other entity under control of the PEP) to keep track
> of enacted obligations and make sure that they are fulfilled.
>
> Obligations have the form of a triple of (deed,deadline,sanction) where the
> semantics are to the PEP: The obligation says that the deed must be
> fulfilled by the deadline, or else the sanction will be executed (i.e.
> rectifying the situation). No, the sanction cannot be "deny".
>
> You have to take the following philosophy:
>
> Access has been granted with certain obligations and if obligations are
> not fulfilled (by the deadline), then something is done to rectify the
> situation, i.e. possibly: for being granted access some punishment is upon
> you for not fulfilling the obligations.
>
> This approach allows the PDP to tell the PEP what to do in the event that
> the PEP cannot enforce the obligations to be met, within some time frame,
> instead of trying to figure out whether obligations like (delete record in 60
> days) can be fulfilled.
>
> The Citation. It is available off of the ACM Portal.
>
> Proceedings of the 8th international conference on Software engineering
> 1985 , London, England
>
> Ensuring integrity by adding obligations to privileges
>
> Authors
> Naftaly H. Minsky
> Abe D. Lockman
>
> Sponsors
> IEEE-CS : Computer Society
> SIGSOFT : ACM Special Interest Group on Software Engineering
>
> Publisher
> IEEE Computer Society Press Los Alamitos, CA, USA
>
> Pages: 92 - 102 Proceeding-Article
> Year of Publication: 1985
> ISBN:0-8186-0620-7
>
>
> Cheers,
> -Polar
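
The two positions in this thread can be combined in one small model, shown here as an added example that is not part of either message or of any XACML implementation: the PEP denies when it does not understand an obligation, and otherwise grants access and tracks each (deed, deadline, sanction) triple, running the sanction if the deadline passes. All class, function and obligation names are hypothetical, and the sample obligations are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Obligation:
    deed: str        # name of the action the PEP must complete
    deadline: float  # time (seconds) by which the deed must be done
    sanction: str    # name of the corrective action if the deadline passes

class PEP:
    def __init__(self, deeds, sanctions):
        self.deeds = deeds          # name -> callable(now) -> True once fulfilled
        self.sanctions = sanctions  # name -> callable() that rectifies a miss
        self.pending = []
        self.log = []

    def enforce(self, decision, obligations):
        """Return the effective decision for a PDP response."""
        if decision != "Permit":
            return "Deny"
        for ob in obligations:
            # An obligation the PEP does not understand is an error: deny.
            if ob.deed not in self.deeds or ob.sanction not in self.sanctions:
                return "Deny"
        self.pending.extend(obligations)  # understood: grant now, track later
        return "Permit"

    def tick(self, now):
        """Try each pending deed; run the sanction once its deadline has passed."""
        remaining = []
        for ob in self.pending:
            if self.deeds[ob.deed](now):
                self.log.append(("fulfilled", ob.deed))
            elif now >= ob.deadline:
                self.sanctions[ob.sanction]()  # rectify; access is not revoked
                self.log.append(("sanctioned", ob.sanction))
            else:
                remaining.append(ob)
        self.pending = remaining

def demo():
    DAY = 86400.0
    alerts = []
    pep = PEP(
        deeds={"delete_record": lambda now: False},  # constructed: deletion keeps failing
        sanctions={"notify_auditor": lambda: alerts.append("record overdue")},
    )
    known = Obligation("delete_record", 60 * DAY, "notify_auditor")
    unknown = Obligation("shred_backup", 60 * DAY, "notify_auditor")
    first = pep.enforce("Permit", [known])     # understood -> Permit
    second = pep.enforce("Permit", [unknown])  # not understood -> Deny
    pep.tick(30 * DAY)                         # before deadline: still pending
    midway = len(pep.pending)
    pep.tick(61 * DAY)                         # past deadline: sanction runs
    return first, second, midway, pep.log, alerts
```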