[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Definition of the rule combining algorithms
Hi, I find the current text of the combining algorithms hard to read. And in addition, it doesn't cover all cases (for example, having only indeterminate-with-permit rules in the deny-overrides algorithm). Therefore I propose to reword the definition as follows: Def.: Deny-overrides rule combining algorithm 1. If any rule evaluates to "Deny", the result is "Deny". 2. Otherwise, if any rule having Effect="Deny" evaluates to "Indeterminate", the result is "Indeterminate". 3. Otherwise, if any rule evaluates to "Permit", the result is "Permit". 4. Otherwise, if any rule having Effect="Permit" evaluates to "Indeterminate", the result is "Indeterminate". 5. Otherwise, the result is "NotApplicable". That's all. Five simple conditionals. And I think it is much easier to read and understand than the current text. In all cases that are covered by the current text, the outcome is the same. Roland
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]