[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [xacml-users] policy inconsistency
Why would not it make sense? Consider the following scenario: one default policy permits something. Administrator adds a temporary policy to block that - it is much nicer to add a DENY rule, then to edit away rule in the default policy. Later this DENY rule may be revoked. I do not see any semantic inconsistency in this usage: this is exactly the reason to have DENY rules and combining algorithm. If not for this kind of rules - there would be little reason to have the DENY effect - as the effect of deny could be handled using only the NOTAPPLICABLE. Daniel; -----Original Message----- From: Argyn [mailto:jawabean@gmail.com] Sent: Monday, May 01, 2006 9:29 AM To: xacml-users@lists.oasis-open.org Subject: Re: [xacml-users] policy inconsistency I think it's more like "semantic inconsistency". sure, XACML engine may produce an answer, but it doesn't mean that it'll make sense thanks argyn On 5/1/06, Daniel Engovatov <dengovatov@bea.com> wrote: > Why is that inconsistent? > > Dependent on your rule and policy combining algorithm there is always a definitive consistent answer for such a policy. > > Daniel; > > -----Original Message----- > From: Koko Ga [mailto:ajajakoko@yahoo.com] > Sent: Monday, May 01, 2006 7:52 AM > To: xacml-users@lists.oasis-open.org > Subject: [xacml-users] policy inconsistency > > Hi, > I'm looking into understanding the different types of policy inconsistency. Are you aware of any work on this topic? > A common case of inconsistency is when two rules have the same <subject, object, action> tuple and the rulings are conflict with each other (permit and deny). Do you know of any other examples of policy inconsistency? > > Thanks, > > koko, > > > --------------------------------- > Blab-away for as little as 1¢/min. Make PC-to-Phone Calls using Yahoo! Messenger with Voice. > _______________________________________________________________________ > Notice: This email message, together with any attachments, may contain > information of BEA Systems, Inc., its subsidiaries and affiliated > entities, that may be confidential, proprietary, copyrighted and/or > legally privileged, and is intended solely for the use of the individual > or entity named in this message. If you are not the intended recipient, > and have received this message in error, please immediately return this > by email and then delete it. > > --------------------------------------------------------------------- > This publicly archived list supports open discussion on using the > XACML OASIS Standard. To minimize spam in the archives, you > must subscribe before posting. > > [Un]Subscribe/change address: http://www.oasis-open.org/mlmanage/ > Alternately, using email: list-[un]subscribe@lists.oasis-open.org > List archives: http://lists.oasis-open.org/archives/xacml-users/ > Committee homepage: http://www.oasis-open.org/committees/xacml/ > List Guidelines: http://www.oasis-open.org/maillists/guidelines.php > Join OASIS: http://www.oasis-open.org/join/ > > --------------------------------------------------------------------- This publicly archived list supports open discussion on using the XACML OASIS Standard. To minimize spam in the archives, you must subscribe before posting. [Un]Subscribe/change address: http://www.oasis-open.org/mlmanage/ Alternately, using email: list-[un]subscribe@lists.oasis-open.org List archives: http://lists.oasis-open.org/archives/xacml-users/ Committee homepage: http://www.oasis-open.org/committees/xacml/ List Guidelines: http://www.oasis-open.org/maillists/guidelines.php Join OASIS: http://www.oasis-open.org/join/ _______________________________________________________________________ Notice: This email message, together with any attachments, may contain information of BEA Systems, Inc., its subsidiaries and affiliated entities, that may be confidential, proprietary, copyrighted and/or legally privileged, and is intended solely for the use of the individual or entity named in this message. If you are not the intended recipient, and have received this message in error, please immediately return this by email and then delete it.
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]