[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: [xacml-comment] A question about how to evaluate a policy set
Hi, I have a question about how to evaluate a policy set. Appendix C describes how to combine a sequence of policies. However, it's unclear to me how to combine a sequence of policy SETs (e.g., a sequence of two policy sets). ------------------------------ Question: For example consider a policy set (the root policy set R) using the "First-applicable" policy combining alg. Assume that the root policy set R contains a sequence of two policy sets (A and B). Assume that the policy set A contains two policies (A1 and A2). Assume that the policy set B contains two policies (B1 and B2). The question is how to evaluate the root policy set R. I think there are two approaches to such an evaluation. Please tell me which one is correct. It seems to me Approach 1 is correct from the description in Appendix C. Is there any description related to this question in the specification? ------------------------------ Approach 1: We first flatten out the tree of the policy set R so that we can consider the policy set R contains the four policies (A1, A2, B1, B2) as immediate children. Then we evaluate the policy set R according to the algorithm described in Appendix C. Note that this approach IGNORES the policy combining algorithms specified in the intermediate policy sets A and B. ------------------------------ Approach 2: We don't flatten out. First we evaluate the policy set A to combine A1 and A2 accroding to A's policy combining algorithm. If A is applicable return the decision. Otherwise evaluate the policy set B to combine B1 and B2 accroding to B's policy combining algorithm...... ... ------------------------------ Satoshi Hada IBM Tokyo Research Laboratory mailto:satoshih@jp.ibm.com
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC