OASIS eXtensible Access Control Markup Language (XACML) TC

Security considerations for the access-permitted function

    Posted 06-24-2008 15:30
    All,
    
    As agreed, I am moving the access-permitted function from the delegation 
    profile into the core spec.
    
    When I did so, I did some thinking about the concerns I have about the 
    function.
    
    As a reminder: this is the function defined in the delegation profile 
    which returns true if an access request specified in its arguments is 
    permitted.
    
    The way the function invokes the PDP as a brand new request going back 
    to the top level in the policies means that it is very hard to 
    understand its behavior or put bounds on the execution.
    
    Currently the specification of the function contains the following text:
    
    --8<--
    The PDP SHALL detect any loop which may occur if successive evaluations 
    invoke this function. If such a loop is detected, the initial invocation 
    of this function evaluates to Indeterminate with a 
    “urn:oasis:names:tc:xacml:1.0:status:processing-error” status code.
    --8<--
    
    This text is a bit ambiguous. Does it mean:
    
    - any invocation of the access-permitted function at all
    
    - any invocation of the same instance of the access-permitted function 
    (with an instance I mean the specific