[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Suggestion: new function ifelse
Hi, I'm currently translating a custom authorization model into XACML policies, and one of the things that is most complicated about it is that XACML is lacking an "ifelse" function. Therefore I suggest to add it to XACML 3.0. The specification would be: The "ifelse" function takes three arguments: The first has type boolean, the others have equal types. The function first evaluate its first argument. If it evaluates to true, the function evaluates and returns the second argument. If the first argument evaluates to false, the function evaluates and returns the third argument. With that function, it would be easy to write a policy like the following: | if action-id == "delete-everything": | return Deny | else: | return role == "admin" Did you ever feel the need for such a function? Have you already considered the addition of such a function? Roland
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]