OASIS eXtensible Access Control Markup Language (XACML) TC

All,

Do we want obligations in rules? I think we should and if the general 
opinion is that this is a good idea, could you let me know and I could 
post a working draft with this change so review is quicker?

In short this change means that the Rule schema would be changed to this:

    

Personally, I think that if we take this step--for the Use Cases I  
have seen given--we should reconsider the term Obligation. I have been  
a huge proponent of "more expressive" decisions, but I don't not think  
it makes sense to extend the definition of what an Obligation is to  
solve this.  "Reasons for a decision" are informational and have  
nothing to do with the original intent or definition of an Obligation.

This is not to say that I disagree with the mechanism, I just think  
that overloading the term Obligation will not benefit interoperability  
or clarity in the policies.

b

On Dec 10, 2008, at 2:57 AM, Erik Rissanen wrote:

> All,
>
> Do we want obligations in rules? I think we should and if the  
> general opinion is that this is a good idea, could you let me know  
> and I could post a working draft with this change so review is  
> quicker?
>
> In short this change means that the Rule schema would be changed to  
> this:
>
>   

Thanks Bill,

Yes, I agree that the term is perhaps not the best. Some things I note:

1. Support for obligations in Rules is relevant even for "genuine" 
obligations, so this change is really orthogonal to the meaning of the 
term obligation.

So I think we should make the particular change below.

2. I don't think it's a good idea to have two different mechanisms, one 
for genuine obligations and one for "informational" obligations. The 
reasons are:

 a. The mechanism will be the exact same thing at the low technical 
level in the PDP, so it's implementation overhead to have them both.

 b. As I think Hal said on the previous call, if we have two mechanisms, 
then it's going to be really hard for us to tell people when to use 
which of the two mechanisms because the end result will be the same 
regardless which one is used, and there is going to be a huge gray area 
between what is a genuine obligation and what is an informational 
obligation.

So I am strongly opposed two different mechanisms.

3. The question then is, as you say, should we reconsider the term 
"obligation". For me personally I don't mind the name since it's the 
semantics which matter. Also, if we change it, people will wonder what 
the difference to 2.0 is. It also means a bit more code for 
implementations which support both 2.0 and 3.0, but I suppose that this 
is no big deal.

And as a side note, I think informational obligations are a special case 
of genuine obligations since the interpretation of the obligation is up 
to the obligation issuer to define, and he could say that doing nothing 
is valid enforcement of the obligation.

So I am opposed to changing the name, but I could reconsider this if 
convincing enough arguments are presented. :-)

Best regards,
Erik


bill parducci wrote:
> Personally, I think that if we take this step--for the Use Cases I 
> have seen given--we should reconsider the term Obligation. I have been 
> a huge proponent of "more expressive" decisions, but I don't not think 
> it makes sense to extend the definition of what an Obligation is to 
> solve this.  "Reasons for a decision" are informational and have 
> nothing to do with the original intent or definition of an Obligation.
>
> This is not to say that I disagree with the mechanism, I just think 
> that overloading the term Obligation will not benefit interoperability 
> or clarity in the policies.
>
> b
>
> On Dec 10, 2008, at 2:57 AM, Erik Rissanen wrote:
>
>> All,
>>
>> Do we want obligations in rules? I think we should and if the general 
>> opinion is that this is a good idea, could you let me know and I 
>> could post a working draft with this change so review is quicker?
>>
>> In short this change means that the Rule schema would be changed to 
>> this:
>>
>>   

> 1. Support for obligations in Rules is relevant even for "genuine"  
> obligations, so this change is really orthogonal to the meaning of  
> the term obligation.

I agree that there is value in more granular control/response. So long  
as we are providing that mechanism in order to actually provide more  
granular obligations.

> 2. I don't think it's a good idea to have two different mechanisms,  
> one for genuine obligations and one for "informational" obligations.  
> The reasons are:

"Informational Obligations" is an oxymoron and as such is an anathema  
to standards definition in my opinion. There are Obligations--things  
which the PEP is compelled to act upon (read: verb)--and there is  
information that may be used in an number of ways (read: adjective).  
So I reject the notion that these are similar. True there is  
similarity in how they would be handled but as Rich pointed out, we  
have much of that in Policies and PolicySets today , yet they remain  
discrete.

> a. The mechanism will be the exact same thing at the low technical  
> level in the PDP, so it's implementation overhead to have them both.

Since neither is required to be supported it is a decision of the  
implementer as to what overhead is appropriate.

> b. As I think Hal said on the previous call, if we have two  
> mechanisms, then it's going to be really hard for us to tell people  
> when to use which of the two mechanisms because the end result will  
> be the same regardless which one is used, and there is going to be a  
> huge gray area between what is a genuine obligation and what is an  
> informational obligation.

If it is hard to define the use of two discretely defined mechanisms,  
then I suggest it is impossible to describe the use of a polymorphic  
junk drawer in any way that will be portable.

> So I am strongly opposed two different mechanisms.
>
> 3. The question then is, as you say, should we reconsider the term  
> "obligation". For me personally I don't mind the name since it's the  
> semantics which matter. Also, if we change it, people will wonder  
> what the difference to 2.0 is. It also means a bit more code for  
> implementations which support both 2.0 and 3.0, but I suppose that  
> this is no big deal.

I think it is very dangerous to take the position that the meaning of  
the nomenclature is unimportant. The TC wrestled with the term  
Obligations for weeks in an attempt to be precise about what this  
instrument is designed for. Relying solely upon semantics will allow  
us to solve the problem for a discrete implementation but I fear that  
attempting to use this across implementations will require a very  
"white box" approach to interoperability.

> And as a side note, I think informational obligations are a special  
> case of genuine obligations since the interpretation of the  
> obligation is up to the obligation issuer to define, and he could  
> say that doing nothing is valid enforcement of the obligation.

Er, lets discuss the propriety of null actions later :)

b

Thanks, see inline.

bill parducci wrote:
>> a. The mechanism will be the exact same thing at the low technical 
>> level in the PDP, so it's implementation overhead to have them both.
>
> Since neither is required to be supported it is a decision of the 
> implementer as to what overhead is appropriate.

Yes, but if there is only one mechanism, then it's less work to 
implement both uses.

>> b. As I think Hal said on the previous call, if we have two 
>> mechanisms, then it's going to be really hard for us to tell people 
>> when to use which of the two mechanisms because the end result will 
>> be the same regardless which one is used, and there is going to be a 
>> huge gray area between what is a genuine obligation and what is an 
>> informational obligation.
>
> If it is hard to define the use of two discretely defined mechanisms, 
> then I suggest it is impossible to describe the use of a polymorphic 
> junk drawer in any way that will be portable.

What I mean is that if we end up with two mechanisms with the same 
functionality, where the only difference is the "philosophical" 
interpretation of the terminology, then it will be difficult to explain 
to users what belongs in which category. For instance, are the 
classifications of these clear?

1. "For your information,  access was allowed because of Freedom of 
Information Policy".

2. "For your information, access was allowed because of Freedom of 
Information Policy, and also make sure you note this in the logs".

3. "For your information, access was allowed because of Freedom of 
Information Policy, and it may mean that you have to do something 
special because of this".

4. "For your information,  access was allowed because of Freedom of 
Information Policy". And the recipient does something special, without 
telling anyone about it, even though the policy writer did not ask for 
it when he communicated the meaning of the identifier.

Which of these are information, which are obligations. Could they be 
both? If we have two mechanisms, I can see users arguing about it on the 
users list taking different standpoints. :-) And in general, why would 
someone provide "information" if he did not expect the other party to 
act on it in some way. So in some sense all information can be seen as 
"commands" to the recipient.

Yet another aspect is that the architecture of a PDP/PEP implies a trust 
model where the PDP does not control the resource. This means that in 
some sense the PDP is ultimately just providing enforcement advice to 
the PEP, which means that a rock solid genuine obligation in a sense is 
just advice/information to the PEP since if the PEP does not follow 
through, the PDP might not be able to do anything about it.

Anyway, maybe it's just me, but I have a hard time seeing a clear 
difference between information and obligations.

Portability will "not be an issue" as long as users understand the 
meaning of each individual obligation identifier. (I'm ignoring the 
complication that each obligation id requires dedicated code, but I 
don't think that is relevant because if the TC would define the 
obligation identifier, then it would be portable, and if the TC doesn't, 
then it's a extension point, and cannot be expected to be portable. And 
for now I'm not going to open up the discussion if there are any 
particular obligation ids that the TC should define. ;-))

What I am saying is that it could be difficult to define in a clear cut 
way for each individual obligation identifier whether it belongs in the 
"information" or "obligation" category.

But in any case, I can think of a valid reason for a separate 
"information" mechanism. Currently the PEP must not ignore obligations, 
and must fail if it sees an obligation id which it doesn't recognize. If 
it knew that an obligation is information only, then it could safely 
ignore the "information". If this were the case, then it would really be 
two different mechanisms with distinct behaviours, beyond the mere 
"internal interpretation" of the obligation identifier. (The same effect 
could of course be achieved with a 'MayBeIgnored="true"' in the obligation.)

What I am opposed to are two mechanisms with the exact same effect in 
all respects, except that they are supposed to be used for two different 
categories of interpretation of the identifier. There must be some 
explicit difference between them.

>> 3. The question then is, as you say, should we reconsider the term 
>> "obligation". For me personally I don't mind the name since it's the 
>> semantics which matter. Also, if we change it, people will wonder 
>> what the difference to 2.0 is. It also means a bit more code for 
>> implementations which support both 2.0 and 3.0, but I suppose that 
>> this is no big deal.
>
> I think it is very dangerous to take the position that the meaning of 
> the nomenclature is unimportant. The TC wrestled with the term 
> Obligations for weeks in an attempt to be precise about what this 
> instrument is designed for. Relying solely upon semantics will allow 
> us to solve the problem for a discrete implementation but I fear that 
> attempting to use this across implementations will require a very 
> "white box" approach to interoperability.

No, I am not taking the position that naming does not matter. What I am 
saying is that in this case the error is not so big, so I can live with 
it. And changing it might be worse.

regards,
Erik

>> Since neither is required to be supported it is a decision of the  
>> implementer as to what overhead is appropriate.
> Yes, but if there is only one mechanism, then it's less work to  
> implement both uses.

This assumes that one wishes to implement both sets of functionality.  
You can argue that you get both for "free" but that feeds into my  
position that what you really get is an implementation black hole.  
Having this in place as proposed implies that any supporting either  
use supports both (whatever that is).

> What I mean is that if we end up with two mechanisms with the same  
> functionality, where the only difference is the "philosophical"  
> interpretation of the terminology, then it will be difficult to  
> explain to users what belongs in which category. For instance, are  
> the classifications of these clear?

> 1. "For your information,  access was allowed because of Freedom of  
> Information Policy".
>
> 2. "For your information, access was allowed because of Freedom of  
> Information Policy, and also make sure you note this in the logs".
>
> 3. "For your information, access was allowed because of Freedom of  
> Information Policy, and it may mean that you have to do something  
> special because of this".
>
> 4. "For your information,  access was allowed because of Freedom of  
> Information Policy". And the recipient does something special,  
> without telling anyone about it, even though the policy writer did  
> not ask for it when he communicated the meaning of the identifier.
>
> Which of these are information, which are obligations. Could they be  
> both? If we have two mechanisms, I can see users arguing about it on  
> the users list taking different standpoints. :-) And in general, why  
> would someone provide "information" if he did not expect the other  
> party to act on it in some way. So in some sense all information can  
> be seen as "commands" to the recipient.

So what you are saying is that as a TC we cannot sufficiently describe  
a mechanism or mechanisms to differentiate this but it is soluble by  
providing implementers with a magic box that can contain anything-- 
actionable or not--and this is OK? We cannot enforce specific usage of  
the framework, however I think we should avoid design that exacerbates  
non-portable information. I am not concerned if the payload is "clear"  
I am arguing that the context must be where possible. The Use Cases I  
heard seemed quite explicit, common and begged for some sort of  
causality attribute to be returned. This is not ambiguous or  
superfluous in my opinion and I can see many people using it and  
choosing to implement Obligations.

> Yet another aspect is that the architecture of a PDP/PEP implies a  
> trust model where the PDP does not control the resource. This means  
> that in some sense the PDP is ultimately just providing enforcement  
> advice to the PEP, which means that a rock solid genuine obligation  
> in a sense is just advice/information to the PEP since if the PEP  
> does not follow through, the PDP might not be able to do anything  
> about it.

Not entirely true. The intent of an Obligation is that while it's  
ramifications exist outside of the decision/enforcement context that  
should the PEP not be able to fulfill it a systematic error condition  
would be generated. Of course how this works is implementational but  
that doesn't discount the concept that a Policy Writer would  
reasonably expect that an Obligation is carried out and if not there  
are subsequent actions. This is not necessarily the case with  
causality as it is a logical attribute of the decision, not a  
component of it:

Obligation: "PERMIT + DO"
Cause: "DENY + WHY"

> Anyway, maybe it's just me, but I have a hard time seeing a clear  
> difference between information and obligations.
>
> Portability will "not be an issue" as long as users understand the  
> meaning of each individual obligation identifier. (I'm ignoring the  
> complication that each obligation id requires dedicated code, but I  
> don't think that is relevant because if the TC would define the  
> obligation identifier, then it would be portable, and if the TC  
> doesn't, then it's a extension point, and cannot be expected to be  
> portable. And for now I'm not going to open up the discussion if  
> there are any particular obligation ids that the TC should  
> define. ;-))

By channeling increased functionality that is not portable we are  
encouraging the wrong behavior IMO. I make this same argument every  
time we want to add an extension point for the same reasons. Sometimes  
you must bite the bullet and do such things, but because there is  
overlap in mechanics doesn't seem like one of those times.

> What I am saying is that it could be difficult to define in a clear  
> cut way for each individual obligation identifier whether it belongs  
> in the "information" or "obligation" category.

What I am saying is that I don't consider Cause a subset of  
Obligation. It simply isn't. The mechanisms can be identical (in which  
case I would argue that implementation overhead would be quite light),  
but they are fundamentally different.

> But in any case, I can think of a valid reason for a separate  
> "information" mechanism. Currently the PEP must not ignore  
> obligations, and must fail if it sees an obligation id which it  
> doesn't recognize. If it knew that an obligation is information  
> only, then it could safely ignore the "information". If this were  
> the case, then it would really be two different mechanisms with  
> distinct behaviours, beyond the mere "internal interpretation" of  
> the obligation identifier. (The same effect could of course be  
> achieved with a 'MayBeIgnored="true"' in the obligation.)

[side note] a PEP that *accepts* Obligations must behave thus. I could  
be wrong but I seem to recall that a PEP that chooses not to support  
Obligations may ignore them and proceed (one of the places where I  
believe PDP meta data could come in handy ;).

I understand that you can look at this mechanically and say, "If i  
just put all the stuff there isn't an explicit mechanism to handle  
into this field then I can 'extend' the Policy to do whatever I need."  
What I am saying is that I think it is a Bad Idea to encourage it.

> What I am opposed to are two mechanisms with the exact same effect  
> in all respects, except that they are supposed to be used for two  
> different categories of interpretation of the identifier. There must  
> be some explicit difference between them.

I think there clearly are, just maybe not mechanical :)

> No, I am not taking the position that naming does not matter. What I  
> am saying is that in this case the error is not so big, so I can  
> live with it. And changing it might be worse.

Sorry, but "junk drawers" bubble up to the top of my pet peeve list,  
so I have a hard time "living with it" ;)

b

oops, typo:

> This is not ambiguous or superfluous in my opinion and I can see  
> many people using it and choosing to implement Obligations.

This is not ambiguous or superfluous in my opinion and I can see many  
people using it and choosing to NOT implement Obligations.

sorry :)

b

Obligation: "PERMIT + DO"


Could also be PERMIT+WHAT.  One actual use case I have seen was to use decision attributes..errr.. obligations to provide a selection query for the user data or operations that retrieve the allowed set..

Daniel;

Yes. That is very similar to the "filter" Use Case I put on the wiki a  
while ago... :)

b

On Dec 10, 2008, at 4:34 PM, Daniel Engovatov wrote:
>
> Could also be PERMIT+WHAT.  One actual use case I have seen was to  
> use decision attributes..errr.. obligations to provide a selection  
> query for the user data or operations that retrieve the allowed set..
>
> Daniel;
>

Hi Bill,

And thanks for the enlightening discussion. :-)

You express yourself well and I do agree with you that there is a 
difference between "Why" and "Do", but I still think that it will be 
difficult to separate the two from each other in real world use cases, 
where the two tend to get mixed together. Where do you put something 
which is both? But maybe that is not such a big problem?

And, yes I agree with you that use of extension points should be 
discouraged, but that is really a separate issue from what I have been 
arguing for. I am really saying just one thing: I don't think it is a 
good idea to have two different features which are "mechanically" 
identical. (Or, at least until you convince me otherwise. ;-)) It's 
another issue that even having one such feature might be bad from an 
interoperability point of view.

If we focus back on the original issues for the 3.0 core we are working on:

1. Do we want to define a special mechanism for "Why" (and/or "What")?
2. If so, what is the concrete proposal for that?
3. Would it be mechanically different from obligations in any way?
(And would it be a problem if it's identical. Well, I know you position 
on this Bill.;-))

Best regards,
Erik


Bill Parducci wrote:
>>> Since neither is required to be supported it is a decision of the 
>>> implementer as to what overhead is appropriate.
>> Yes, but if there is only one mechanism, then it's less work to 
>> implement both uses.
>
> This assumes that one wishes to implement both sets of functionality. 
> You can argue that you get both for "free" but that feeds into my 
> position that what you really get is an implementation black hole. 
> Having this in place as proposed implies that any supporting either 
> use supports both (whatever that is).
>
>> What I mean is that if we end up with two mechanisms with the same 
>> functionality, where the only difference is the "philosophical" 
>> interpretation of the terminology, then it will be difficult to 
>> explain to users what belongs in which category. For instance, are 
>> the classifications of these clear?
>
>> 1. "For your information,  access was allowed because of Freedom of 
>> Information Policy".
>>
>> 2. "For your information, access was allowed because of Freedom of 
>> Information Policy, and also make sure you note this in the logs".
>>
>> 3. "For your information, access was allowed because of Freedom of 
>> Information Policy, and it may mean that you have to do something 
>> special because of this".
>>
>> 4. "For your information,  access was allowed because of Freedom of 
>> Information Policy". And the recipient does something special, 
>> without telling anyone about it, even though the policy writer did 
>> not ask for it when he communicated the meaning of the identifier.
>>
>> Which of these are information, which are obligations. Could they be 
>> both? If we have two mechanisms, I can see users arguing about it on 
>> the users list taking different standpoints. :-) And in general, why 
>> would someone provide "information" if he did not expect the other 
>> party to act on it in some way. So in some sense all information can 
>> be seen as "commands" to the recipient.
>
> So what you are saying is that as a TC we cannot sufficiently describe 
> a mechanism or mechanisms to differentiate this but it is soluble by 
> providing implementers with a magic box that can contain 
> anything--actionable or not--and this is OK? We cannot enforce 
> specific usage of the framework, however I think we should avoid 
> design that exacerbates non-portable information. I am not concerned 
> if the payload is "clear" I am arguing that the context must be where 
> possible. The Use Cases I heard seemed quite explicit, common and 
> begged for some sort of causality attribute to be returned. This is 
> not ambiguous or superfluous in my opinion and I can see many people 
> using it and choosing to implement Obligations.
>
>> Yet another aspect is that the architecture of a PDP/PEP implies a 
>> trust model where the PDP does not control the resource. This means 
>> that in some sense the PDP is ultimately just providing enforcement 
>> advice to the PEP, which means that a rock solid genuine obligation 
>> in a sense is just advice/information to the PEP since if the PEP 
>> does not follow through, the PDP might not be able to do anything 
>> about it.
>
> Not entirely true. The intent of an Obligation is that while it's 
> ramifications exist outside of the decision/enforcement context that 
> should the PEP not be able to fulfill it a systematic error condition 
> would be generated. Of course how this works is implementational but 
> that doesn't discount the concept that a Policy Writer would 
> reasonably expect that an Obligation is carried out and if not there 
> are subsequent actions. This is not necessarily the case with 
> causality as it is a logical attribute of the decision, not a 
> component of it:
>
> Obligation: "PERMIT + DO"
> Cause: "DENY + WHY"
>
>> Anyway, maybe it's just me, but I have a hard time seeing a clear 
>> difference between information and obligations.
>>
>> Portability will "not be an issue" as long as users understand the 
>> meaning of each individual obligation identifier. (I'm ignoring the 
>> complication that each obligation id requires dedicated code, but I 
>> don't think that is relevant because if the TC would define the 
>> obligation identifier, then it would be portable, and if the TC 
>> doesn't, then it's a extension point, and cannot be expected to be 
>> portable. And for now I'm not going to open up the discussion if 
>> there are any particular obligation ids that the TC should define. ;-))
>
> By channeling increased functionality that is not portable we are 
> encouraging the wrong behavior IMO. I make this same argument every 
> time we want to add an extension point for the same reasons. Sometimes 
> you must bite the bullet and do such things, but because there is 
> overlap in mechanics doesn't seem like one of those times.
>
>> What I am saying is that it could be difficult to define in a clear 
>> cut way for each individual obligation identifier whether it belongs 
>> in the "information" or "obligation" category.
>
> What I am saying is that I don't consider Cause a subset of 
> Obligation. It simply isn't. The mechanisms can be identical (in which 
> case I would argue that implementation overhead would be quite light), 
> but they are fundamentally different.
>
>> But in any case, I can think of a valid reason for a separate 
>> "information" mechanism. Currently the PEP must not ignore 
>> obligations, and must fail if it sees an obligation id which it 
>> doesn't recognize. If it knew that an obligation is information only, 
>> then it could safely ignore the "information". If this were the case, 
>> then it would really be two different mechanisms with distinct 
>> behaviours, beyond the mere "internal interpretation" of the 
>> obligation identifier. (The same effect could of course be achieved 
>> with a 'MayBeIgnored="true"' in the obligation.)
>
> [side note] a PEP that *accepts* Obligations must behave thus. I could 
> be wrong but I seem to recall that a PEP that chooses not to support 
> Obligations may ignore them and proceed (one of the places where I 
> believe PDP meta data could come in handy ;).
>
> I understand that you can look at this mechanically and say, "If i 
> just put all the stuff there isn't an explicit mechanism to handle 
> into this field then I can 'extend' the Policy to do whatever I need." 
> What I am saying is that I think it is a Bad Idea to encourage it.
>
>> What I am opposed to are two mechanisms with the exact same effect in 
>> all respects, except that they are supposed to be used for two 
>> different categories of interpretation of the identifier. There must 
>> be some explicit difference between them.
>
> I think there clearly are, just maybe not mechanical :)
>
>> No, I am not taking the position that naming does not matter. What I 
>> am saying is that in this case the error is not so big, so I can live 
>> with it. And changing it might be worse.
>
> Sorry, but "junk drawers" bubble up to the top of my pet peeve list, 
> so I have a hard time "living with it" ;)
>
> b
>
> ---------------------------------------------------------------------
> To unsubscribe from this mail list, you must leave the OASIS TC that
> generates this mail.  Follow this link to all your TCs in OASIS at:
> https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php

On Dec 11, 2008, at 8:02 AM, Erik Rissanen wrote:
>
> If we focus back on the original issues for the 3.0 core we are  
> working on:
>
> 1. Do we want to define a special mechanism for "Why" (and/or "What")?
> 2. If so, what is the concrete proposal for that?
> 3. Would it be mechanically different from obligations in any way?
> (And would it be a problem if it's identical. Well, I know you  
> position on this Bill.;-))

Before I can answer #2 or #3 the TC must decide upon your proposal to  
move Obligations to the Rule level :)

So, in the spirit of summarization I offer the following observations:

A. I believe that the justifications for the ObligationExpressions  
proposal were the Boeing Use Cases and anecdotal observations that  
others have run into similar issues.

B. These Use Cases were fairly specific: information as to WHY a  
decision was made are needed

C. It was noted that V2 Obligations can partially solve this problem

D. The use of Obligations for this were met with a luke warm reception  
(or is "kludge" tepid :D )

E. By making Obligations dynamic and adding them at the Rule level the  
problem can be more fully solved


IF my summary is correct on this then I propose that we not extend  
Obligations to the Rule level, make them dynamic and co-opt your  
ObligationExpressions proposal to introduce (Cause|Advice)Expressions.  
Under this scenario the machinery for this would be identical between  
Obligations and Causes from the Policy level up, but would differ in  
that only Causes would exist at the Rule level.

My fundamental reason for suggesting that we not extend Obligations  
down is that they are poorly understood due to a lack of tangible  
function. The original intent of handling asynchronous decision  
actions has waned and what remains is a place to "put stuff that we  
don't account for in the spec". I had hoped that a way to quantify  
(and combine! :) such things would be found--which is why I spent a  
number of weeks early in the V3 process thinking about how to approach  
this--but it proved to be too difficult given a number of factors (not  
the least of which are limitations in my skill set ;) Therefore I  
would prefer that we do not extend something that is fundamentally  
broken (yes, Polar, you did tell me so a few years ago :-p )

I am not excited about "duplicate" machinery, but if we have a chance  
to address a real world problem in a precise way I think we should  
explore it. If there is interest in this approach by others then I  
would be happy to cut and paste the schema bits up, but I think what I  
have outlined above is "concrete" enough for a general decision on  
whether it is a viable option to pursue further.

thanks

b

Yes I think it is a good idea

David

Erik Rissanen wrote:
> All,
> 
> Do we want obligations in rules? I think we should and if the general 
> opinion is that this is a good idea, could you let me know and I could 
> post a working draft with this change so review is quicker?
> 
> In short this change means that the Rule schema would be changed to this:
> 
>