[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: Re: Negative Policies
my comments were directed at the implementation of rule #2 below. if 'Bill' is the identity of the entity as known by the PDP, the 'universe' is bounded and is not reasonably subject to the issues you raised. on the other hand, i agree that #1, #3 and #4 are. b Hal Lockhart wrote: > > I should have begun by saying that when I refer to negative policies, I am > actually referring to a number of different kinds of policies which have > different negative aspects. What they have in common is that they express > what is not the case rather than what is the case. Some of the problems I > have seen apply to all types of negative policies, some only apply to some > types. However because of the number of distinct types of problems I have > become wary of all types of negative policies. > > Some examples of what I consider to be negative policies: > > 1. under such and such conditions, the READ operation is not allowed. > > 2. Bill is not allowed to do such and such > > 3. Vice Presidents are not allowed to do such and such > > 4. Such and such a policy does not apply to > http://www.example.com/my/files/*
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC