Skip to main content



XACML defines obligations as actions that have to be returned to the PEP with the PDP response XACML .

If the PDP's evaluation is viewed as a tree of rules, policy sets and policies, each of which returns "Permit" or "Deny", then the set of obligations returned by the PDP to the PEP will include only the obligations associated with those paths where the effect at each level of evaluation is the same as the effect being returned by the PDP.

Screen Overview


Add Obligation



Standard attributes

  • Obligation
    • urn:soffid:obligation:otp
    • urn:soffid:obligation:message
    • urn:soffid:obligation:bpm
    • urn:soffid:obligation:session-recording
    • urn:soffid:obligation:notify-owner
  • Full fill on:
    • Permit
    • Deny
  • Attribute:
    • text: message that will be showed.
    • process: process that will be launched.
    • timeout: period of time the otp code will be valid for.
  • Value: the value of the attribute.
urn:soffid:obligation:otp timeout
urn:soffid:obligation:message text
urn:soffid:obligation:bpm process


Add new

Allows you to add a new obligation to the obligations list. To add a new obligation you need to click the add button, located at the end of the header and fulfill the form and save the data.


Allows you to delete an obligation to the obligations list.  To delete the obligation, you need to click the obligation you want to delete and click the button with the subtraction symbol (-) at the end of the record.

To perform that action, Soffid will ask you for confirmation, you could confirm or cancel the operation.


Allows you to save the data of a new variable or to update the data of a specific variable. To save the data it will be mandatory to fill in the required fields


Allows you to quit without applying any changes.