You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
In a de-coupled PDP/PEP environment, it is difficult to conceive how a PDP can convey reason (admin or user) values except in the case of specific "deny" policies.
If a PDP system is default deny unless permitted, then most responses can have no reason because no permission was matched.
What other information could or should be provided (e.g. count of policies reviewed)?
If it is useful to give a reason for denial, is it useful to give reason for permission (e.g. which policy permitted the action)?
The text was updated successfully, but these errors were encountered:
In a de-coupled PDP/PEP environment, it is difficult to conceive how a PDP can convey
reason
(admin or user) values except in the case of specific "deny" policies.If a PDP system is default deny unless permitted, then most responses can have no reason because no permission was matched.
What other information could or should be provided (e.g. count of policies reviewed)?
If it is useful to give a reason for denial, is it useful to give reason for permission (e.g. which policy permitted the action)?
The text was updated successfully, but these errors were encountered: