Re: [xacml] [glossary] Comments

[bill parducci <bill@parducci.net>]

yeah, i caught that but i think it takes us back to the original (f2f
#1) suggestion of a "policy policy".  

if so, would this then not follow: "we have a policy. the policy has
rules. the rules are interpreted according to the 'rule interpretation
policy'"?

which would seem to beg the question (if the term 'policy' is assumed to
be used consistently), "is the 'policy' the same as the 'rule
interpretation policy' and if not, is there a 'rule interpretation
policy' for the 'rule interpretation policy' since it is itself a
policy?" 

if the answer to the first question is 'yes' then this is all moot since
a policy will be able to self reference to describe interpretation. 

on the other hand, if they are not the same (the basis for having the
term being defined) then you must have two classes of policies since it
doesn't seem reasonable that determinist polices will be constrained by
other determinist policies .
in other words, you can have compound 'normal' policies, but i would
think that the 'rule interpretation policy' would be singular for any
given instantiation of a policy decision, because while you can have
conflicting rules for access, you cannot have conflicting methods for
interpretation:

acceptable (interpretation can drive to deterministic result)
policy 1 rule: only let group foo do bar
policy 2 rule: let blah (not member of foo) do bar

unacceptable (conflict in determinism)
policy interpretation directive 1: local policy overrides remote
policy interpretation directive 2: remote policy overrides local


...and since i think that two classes of policies are confusing (kinda
like this note :o) i suggested that the term 'directive' be used for the
latter instance.

b

> Tim Moses wrote:
> 
> Bill - Michiharu's alternative proposal was "rule interpretation
> policy".  All the best.  Tim.
> 
> -----------------------------------------
> Tim Moses
> Tel: 613.270.3183
> 
> -----Original Message-----
> From: bill parducci [mailto:bill@parducci.net]
> Sent: Friday, October 26, 2001 7:03 AM
> To: Tim Moses
> Cc: xacml@lists.oasis-open.org
> Subject: Re: [xacml] [glossary] Comments
> 
> > Add a new term "rule interpretation rule".  A deprecated synonym
> would
> > be "meta-policy".  The definition might be: "procedure for combining
> 
> > authorization policy components in order to form authorization
> policy,
> > including reconciling any conflicts that may exist in the set of
> > authorization policy components".
> 
> "...so as to derive a deterministic (consitent? reproducible?) outcome
> 
> from any given set of inputs."
> 
> how about "rule interpretation directive" to avoid circular
> references?
> 
> b
> 
> ----------------------------------------------------------------
> To subscribe or unsubscribe from this elist use the subscription
> manager: <http://lists.oasis-open.org/ob/adm.pl>