[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [xacml-users] XACML Samples
On Tue, 2004-10-12 at 16:09, Kuketayev, Argyn wrote: > I'm addressing this problem with "unit tests". I write lots of tests to > check that rights are granted properly. > > [...] > > Whenever there's any change in policies, all these tests must be > executed successfully. I don't there's a better way to achieve your > objectives. This is definately the most straightforward way to tackle the problem, but it has two problems. One is that it's a pain to write and maintain all those test policies, and there's no guarentee you wrote those cases correctly (without in turn testing them). The second is that you can't be sure if your test cases actually cover all the corners. What Mahdi was getting at, and what he and I (and probably others) have been working on is automated ways to verify certain aspects of policy. For instance, does a policy contradict itself, or given some formal definition, does it ever provide the wrong answer. This saves you having to write unit tests in many (though probably not all) cases. seth
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]