MHonArc v2.5.0b2 -->
xacml message
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [List Home]
Subject: Re: [xacml] another small time/date issue
why not? it is conceivable that it would information that the requestor
does not--or should not--have that could be used for accessing
secondary information necessary to derive a decision. as you pointed out
earlier this falls into the realm of operational control, and as such is
beyond the XACML scope. still, it doesn't mean that XACML doesn't play a
role in each decision.
b
Daniel Engovatov wrote:
> ..but PDP is not intended to be a source (for "adding/enhancing") of
> information, is it? In most cases, one would expect the same piece of
> code to somehow provide both PDP and PIP services, but for the purpose
> of the standard these are two very distinct activities, I would imagine.
>
> Same reason as for why the bags are not ordered. Attempt to prescribe
> how it is to be done may be too much for us to tackle, and I am not sure
> that we should try. XACML is deterministic given that PIP and request
> provides the exact same data, but does not require that, beyond the
> statement that condition functions shall not have side effects and shall
> return the same response for the same arguments every time.
>
> D.
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [List Home]