I have a question concerning the faithfulness of the primitive requests for creating and destroying subjects and object. For each interpretation of the formalization there is this statement refering to \(\forall s' \in S', o' \in O', a' \in ATTRIBS. (s',o',a') \in A' \Leftrightarrow (s',o',a') \in A\):
In my opinion this is true for the "create" requests but not for both "destroy" requests, because the authorization relation should change in a way that all authorizations in A having the destroyed subjects and/or objects are no longer present in the new relation A'.The fourth clause ensures that authorizations for subjects and objects remain unchanged by the primitive request.
I must admit that I'm even not quite sure, whether the formula has any constraints on what should happen with the destroyed entities within the authorization relation, because it is only quantifying over the new sets where the destroyed subjects and objects are already removed. So am I right that there is nothing said about the destroyed entities and that they could still remain in the autorizations, but that this is not mandatory?
Thank you in advance for your help
