OASIS eXtensible Access Control Markup Language (XACML) TC

 View Only
  • 1.  [xacml] Obligations

    Posted 02-25-2002 09:53
    
    I don't like the proposal that if the PEP cannot perform all intended
    obligations on a Permit that the access decision should be "Deny".
    
    It really begs the question of the PDP knowing what the PEP can or cannot
    fulfill in its policy evaluation, because it implies that if the
    obligation cannot be fulfilled by the PEP, that according to the proposal,
    it is actually really a Deny.
    
    Even leaving the PDP out of it, the PEP may not know if it could fulfill
    any operations until the PEP actually tries it. In simplist scenario, the
    obligation may not even terminate, or may be something like "delete record
    after 60 days" as has been pointed out.
    
    I think there may solution for that problem which is illustrated in a
    paper by Nafty Minsky. It's quite old, 1985, but might be to the point.
    The citation is below. I'll put the approach in our context:
    
    Since the PDP is asked by the PEP for a specific access request, we might
    want the PEP (or some other entity under control of the PEP) to keep track
    of enacted obligations and make sure that they are fulfiled.
    
    Obligations have the form of a triple of (deed,deadline,saction) where the
    semantics are to the PEP: The obligation says that the deed must be
    fullfilled by the deadline, or else the sanction will be executed (i.e.
    rectifying the situation). No, the sanction cannot be "deny".
    
    You have to take the following philosophy:
    
    Access has been granted with certain obligations and if obligations are
    not fullfiled (by the deadline), then something is done to rectify the
    situation, i.e. possibly: for being granted access some punishment is upon
    you for not fullfilling the obligations.
    
    This approach allows the PDP to tell the PEP what to do in the event that
    the PEP cannot enforce the obligations to be met, within some time frame,
    instead trying to figure out whether obligations like (delete record in 60
    days) can be fullfiled.
    
    The Citation. It is avalable off of the ACM Portal.
    
    Proceedings of the 8th international conference on Software engineering
    1985 , London, England
    
      Ensuring integrity by adding obligations to privileges
    
      Authors
        Naftaly H. Minsky
        Abe D. Lockman
    
      Sponsors
        IEEE-CS : Computer Society
        SIGSOFT : ACM Special Interest Group on Software Engineering
    
      Publisher
       IEEE Computer Society Press   Los Alamitos, CA, USA
    
        Pages: 92 - 102  Proceeding-Article
        Year of Publication: 1985
        ISBN:0-8186-0620-7
    
    
    Cheers,
    -Polar