MHonArc v2.5.2 -->
xacml message
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [Elist Home]
Subject: [xacml] Mising Attributes
The PDP MAY return an authorization decision of "Indeterminate"
result in evaluating an expression that requires at least one
value to be present from an attribute designator. The
AttributeId and DataType of the attribute MAY be listed in the
result as described in Section Authorization decision. However,
a PDP MAY fail to issue such information due to security
concerns.
The PDP SHALL consider an attribute as missing if it evaluates an
expression that requires at least one value to be present from an
attribute designator or selector. In this case, the expression evaluates
to "indeterminate". The PDP may carry the missing attribute upward in its
indeterminate value in accordance with the XACML evaluation strategy of
the encompassing expressions, rules, policies, and policy sets. If the PDP
evaluates its policy or policy set to Indeterminate with a missing
attribute, the PDP MAY list the AttributeId and DataType of that attribute
in the result as described in Section 7.5 "Authorization decision".
However, the PDP MAY choose not to issue such information due to security
concerns.
How's this?
-Polar
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [Elist Home]
Powered by eList eXpress LLC