[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: Re: [xacml] [glossary] Comments
yeah, i caught that but i think it takes us back to the original (f2f #1) suggestion of a "policy policy". if so, would this then not follow: "we have a policy. the policy has rules. the rules are interpreted according to the 'rule interpretation policy'"? which would seem to beg the question (if the term 'policy' is assumed to be used consistently), "is the 'policy' the same as the 'rule interpretation policy' and if not, is there a 'rule interpretation policy' for the 'rule interpretation policy' since it is itself a policy?" if the answer to the first question is 'yes' then this is all moot since a policy will be able to self reference to describe interpretation. on the other hand, if they are not the same (the basis for having the term being defined) then you must have two classes of policies since it doesn't seem reasonable that determinist polices will be constrained by other determinist policies . in other words, you can have compound 'normal' policies, but i would think that the 'rule interpretation policy' would be singular for any given instantiation of a policy decision, because while you can have conflicting rules for access, you cannot have conflicting methods for interpretation: acceptable (interpretation can drive to deterministic result) policy 1 rule: only let group foo do bar policy 2 rule: let blah (not member of foo) do bar unacceptable (conflict in determinism) policy interpretation directive 1: local policy overrides remote policy interpretation directive 2: remote policy overrides local ...and since i think that two classes of policies are confusing (kinda like this note :o) i suggested that the term 'directive' be used for the latter instance. b > Tim Moses wrote: > > Bill - Michiharu's alternative proposal was "rule interpretation > policy". All the best. Tim. > > ----------------------------------------- > Tim Moses > Tel: 613.270.3183 > > -----Original Message----- > From: bill parducci [mailto:bill@parducci.net] > Sent: Friday, October 26, 2001 7:03 AM > To: Tim Moses > Cc: xacml@lists.oasis-open.org > Subject: Re: [xacml] [glossary] Comments > > > Add a new term "rule interpretation rule". A deprecated synonym > would > > be "meta-policy". The definition might be: "procedure for combining > > > authorization policy components in order to form authorization > policy, > > including reconciling any conflicts that may exist in the set of > > authorization policy components". > > "...so as to derive a deterministic (consitent? reproducible?) outcome > > from any given set of inputs." > > how about "rule interpretation directive" to avoid circular > references? > > b > > ---------------------------------------------------------------- > To subscribe or unsubscribe from this elist use the subscription > manager: <http://lists.oasis-open.org/ob/adm.pl>
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC