MHonArc v2.5.2 -->
xacml message
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [Elist Home]
Subject: [xacml] proposed amendment to Polar's resolution of PM-2-05
Title: BATCH #2: E-mail vote to close issues...
While generally
agreeing with Polar's proposal for PM-2-05 resolution, I have concern with the
fact that his proposed text is vague in section 8.1 about whether
a PDP must or may list attributes that
are needed by the PDP to refine its decision:
------------------------------------------------------------------------------------------------------------------
The PDP MAY return an "authorization decision" of "indeterminate"
with an
error code of "insufficient
information", signifying that more information
needed. In this case, the "authorization decision" will list any the
names
of any attributes of the subject and
the resource that are needed by the
PDP to
refine its "authorization decision".
-----------------------------------------------------------------------------------------------------------------
I suggest to amend
the text of the resolution so that the above fragment will read the
following:
------------------------------------------------------------------------------------------------------------------
The PDP MAY return an "authorization decision" of "indeterminate"
with an
error code of "insufficient
information", signifying that more information
needed. In this case, the "authorization decision" MAY list the
names
of any attributes of the subject and
the resource that are needed by the
PDP to
refine its "authorization decision".
-----------------------------------------------------------------------------------------------------------------
The change makes a list of the attributes
that are needed by the PDP to refine its decision optional.
Regards
Konstantin