[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: [xacml-comment] no rules or policies
Sections 7.6 and 7.7 contain, respectively, the only text in the spec that says what to do when a Policy has no Rules or a PolicySet has no policies. Unfortunately, the language is a little muddled (and looks like it might be left over from a previous version). Section 7.6 says "A Rules value of 'At-least-one-applicable' SHALL be used if the <Rule> element is absent..." Section 7.7 says "A policies value of 'At-least-one-applicable' SHALL be used if there are no contained or referenced policies or policy sets..." Is this supposed to imply that if the rule/policy[set] is missing, then the result should always be the result of the at-least-one-applicable combining algorithm, ie NotApplicable? If that's the case, I'd like to request that the text be clarified so that it's more obvious (since the above text doesn't really mean anything). If that's not the case, these sections need to be expanded to explain what to return in these conditions. As a side note, I don't really understand what the value is of having a Policy with no Rule, since it will always return the same thing (probably N/A), so why bother going through the effort of evaluating it? In other words, what is the reason for the schema defining PolicyType to have <xs:element ref="xacml:Rule" minOccurs="0" ... seth
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC