Obligation Use-Cases

Handling Instruction for A Data Resource



Multiple Obligations from Different Rules/Policies

Summary: When multiple obligations are issued from different rules, it is unclear how obligations could be combined.

  1. If two policies result in parallel "Permit" decisions, and each includes an obligation, must both obligations be enforced?
  2. If two policies result in parallel "Permit" decisions, and one of them includes an obligation, does the "Permit" without obligation indicate that the first obligation is unneeded?

There are different use cases that suggest that any single answer to the questions above may be incorrect some of the time. Some examples:

There are assumed answers in each of the scenarios above, but the point of the examples is to illustrate that different scenarios may intend that obligations are combined in different ways.

What is the best way to articulate these differences?


Multiple Possible Obligations in a Workflow

Summary: A financial account may have various interested parties: a beneficial owner, a manager, and a custodian. When a user requests access, any of the interested parties may or may not require explicit approval, as a logical precondition and perhaps as a temporal precondition. In the context of a workflow, each workflow step is a protected operation. The step that works with the financial account begins with an access request; this access request may result in a "Permit" with up to three approval obligations.

How are the approvals combined, sequenced, and/or prioritized?


ObligationUseCases (last edited 2013-05-17 18:21:25 by dlaurance)