[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: Policies with No Subject
At the F2F I asserted that a policy could contain zero or more subjects. The use of a policy with zero subjects was questioned. My answer was that if the policy did not consider any information about a subject, there was no need for a subject in the policy. For example, if the policy says the resource can be accessed between 24:00 and 6:00, there is no need to specify a subject. At the meeting several people agreed that in a case like this, there would still be a subject. There would be some kind of indicator that it applied to all subjects, such as "*" or "ALL". I conceded this possibility at the time and the discussion turned to other topics. I now believe that this is illogical. I assume that policies can take as inputs items such as the date and time, network location, method of authentication and so on. Therefore, if a policy that does not consider subject information must contain "all subjects" then logically a policy that does not consider time must contain "all times", a policy that does not consider location must contain "all locations" and so on. This would obviously cause every policy to become encrusted with useless junk. I think it is clearly much simpler to put into each policy just the items that need to be evaluated and leave out the others. The point is that I consider subject to be just one type of input that may or may not be used for policy decisions. Hal
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC