OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Subject: Re: [xacml] Boolean Policy resolution - a slight modification



Hi Bill,

You still have the problem for including your proposed "<join>" components
with other combinations of "<and>" and "<or>". So, I think it doesn't
really buy you much more.

I may have a good sound evaluation strategy by later today. Performing
the work on the lattice had actually got me to think of the problem a
litte harder.

Cheers,
-Polar


On Thu, 7 Feb 2002, bill parducci wrote:

> it seems that we are actually trying to solve two problems with the
> '<and>' issue:
>
> 1. determining applicability of [sub]policies
> 2. determining evaluation result of resulting policy
>
> as i have stated in prior notes, i am not in favor of a policy resolving
> to true where any of the predicates evaluate to anything other than true
> and are combined with an '<and>' (true = true + n/a). on the other hand
> i support the idea of policy inclusion logic using this mechanism as hal
> has proposed below.
>
> in thinking more about this it seems that these functions should be
> handled separately (syntactically). what came to mind is the concept of
> a 'join'. it seems to me that behavior we are looking for with respect
> to aggregate policies ('use if it applies, ignore otherwise') is more in
> line with a 'join' than 'and'.
>
> <join>
>       <applicablePolicyReference>
>           xprp://policy.sample.com/$TargetValues
>       </applicablePolicyReference>
> </join>
>
> this leaves the term '<and>' with the forcefulness that i believe is
> appropriate.
>
> does this make sense?
>
> b
>
> -------- Original Message --------
> Subject: RE: [xacml] Boolean Policy resolution - a slight modification
> Date: Thu, 31 Jan 2002 11:02:57 -0500
> From: Hal Lockhart <hal.lockhart@entegrity.com>
> To: "'Anne Anderson'" <Anne.Anderson@Sun.com>, XACML TC
> <xacml@lists.oasis-open.org>
>
> [...]
>
> > Since this can return multiple applicable policies, I further propose
> > that the surrounding combinator treat each returned applicable policy as
> > if it were a distinct predicate. In other words (Polar should like this)
> > this:
> >
> > <and>
> >     <applicablePolicyReference>
> >         xprp://policy.sample.com/$TargetValues
> >     </applicablePolicyReference>
> > </and>
> >
> > means that value of each applicable policy returned is anded with the
> > others (and any other retrevial points with in the combinator), as usual
> > dropping the ones that turn out to be inapplicable.
>
>
>
> ----------------------------------------------------------------
> To subscribe or unsubscribe from this elist use the subscription
> manager: <http://lists.oasis-open.org/ob/adm.pl>
>



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Powered by eList eXpress LLC