[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: [xacml-comment] C.3 First-Applicable policy-combining alg inconsistent
In the description of the policy-combining algorithm for FirstApplicable, lines 4752-4754 say: if error occurs while evaluating a policy, then evaluation shall continue looking for an applicable policy, returning Indeterminate only if no applicable policy found. But lines 4755-4758 say: if error occurs while evaluation a policy, then evaluation shall halt and policy set shall evaluate to "Indeterminate". Lines 4752-4754 should be deleted. That would be consistent with the pseudo-code and with the "safety" of not allowing any "Permit" if there is an Indeterminate that should have returned a Deny. Anne -- Anne H. Anderson Email: Anne.Anderson@Sun.COM Sun Microsystems Laboratories 1 Network Drive,UBUR02-311 Tel: 781/442-0928 Burlington, MA 01803-0902 USA Fax: 781/442-1692
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC