OASIS eXtensible Access Control Markup Language (XACML) TC

  • 1.  [xacml] Mising Attributes

    Posted 10-17-2002 12:02
     MHonArc v2.5.2 -->
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    

    xacml message

    [Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


    Subject: [xacml] Mising Attributes


    
      The PDP MAY return an authorization decision of "Indeterminate"
      result in evaluating an expression that requires at least one
      value to be present from an attribute designator. The
      AttributeId and DataType of the attribute MAY be listed in the
      result as described in Section Authorization decision. However,
      a PDP MAY fail to issue such information due to security
      concerns.
    
    
    The PDP SHALL consider an attribute as missing if it evaluates an
    expression that requires at least one value to be present from an
    attribute designator or selector. In this case, the expression evaluates
    to "indeterminate". The PDP may carry the missing attribute upward in its
    indeterminate value in accordance with the XACML evaluation strategy of
    the encompassing expressions, rules, policies, and policy sets. If the PDP
    evaluates its policy or policy set to Indeterminate with a missing
    attribute, the PDP MAY list the AttributeId and DataType of that attribute
    in the result as described in Section 7.5 "Authorization decision".
    However, the PDP MAY choose not to issue such information due to security
    concerns.
    
    
    How's this?
    
    -Polar
    
    


    [Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


    Powered by eList eXpress LLC