OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xacml-comment message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Suggestion: new function ifelse

Hi,

I'm currently translating a custom authorization model into XACML
policies, and one of the things that is most complicated about it is
that XACML is lacking an "ifelse" function. Therefore I suggest to add
it to XACML 3.0. The specification would be:

The "ifelse" function takes three arguments: The first has type boolean,
the others have equal types. The function first evaluate its first
argument. If it evaluates to true, the function evaluates and returns
the second argument. If the first argument evaluates to false, the
function evaluates and returns the third argument.

With that function, it would be easy to write a policy like the following:

| if action-id == "delete-everything":
|    return Deny
| else:
|    return role == "admin"

Did you ever feel the need for such a function?

Have you already considered the addition of such a function?

Roland

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]