[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [xacml-comment] Policies vs. Rules
Hi Florian, I agree with your issue, and I believe the TC also, in principle, agrees. This was the primary motivation behind the development of the so-called "extended" combining algorithms that are in the current XACML 3.0 draft: http://www.oasis-open.org/committees/download.php/31494/xacml-3.0-core-wd-09.zip These "extended" algorithms have two significant characteristics:
Rich Florian Huonder wrote: 49be214a.1ac1f10a.3de6.5844@mx.google.com" type="cite">Hi all, I have a question about Policies and Rules. I really do not see the reason to distinguish between Policy and Rule. In my opinion, everything that you can solve with a Policy that has multiple rules, can also be solved with multiple Policies (where each only has one single Rule). The only difference that I see between Rules and Policies are that they map to different target sets. Meaning that a Rule maps to DENY or PERMIT and a Policy to DENY, PERMIT and NOT_APPLICABLE (I left away INDETERMINATE). But I really do not see a practical application for this difference. Maybe you could give me a hint about what the intent is behind Policies and Rules? I heard that there is a requirement for Rules. Could anybody tell me what the requirement for Rules is? Regards, Florian |
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]