Semantics of Permissions, Prohibitions, and Obligations #74
Labels
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
{{ message }}
The semantics of Permissions, Prohibitions, and Obligations from a descriptive point of view are quite clear. However, IMHO, from the evaluation point of view they do not have clear differences. At the end, a policy encodes a set of rules, each of which codifies a set of restrictions and an action to be performed.
It is true that Obligations may require a proof from a third-party actor, however, I wonder if such proof could not be encoded as an action itself hiding how this proof is obtained and checked in the policy and leaving such behaviour to the implementations. Maybe the difference, from the implementation point of view, is that permissions and prohibitions are usually perceived as synchronous evaluations of the policies; a requester wants to do something with a resource, a set of suitable policies are found, they are evaluated and their actions performed. Instead, Obligations are more asynchronous alike, something happens in the world, the policy then needs some data-related to such event, and depending on that an action happens
The text was updated successfully, but these errors were encountered: