Subject: Re: [xacml] Proposed resolution to PM-1-02: Post-Conditions
On 25 March, Michiharu Kudoh writes: Re: [xacml] Proposed resolution to PM-1-02: Post-Conditions
> I have one question since you are a champion w.r.t. the typical policy
> combiner algorithm. Are you considering other policy combiners besides
> GLOBAL-DENY, such as Take-first-decision and Evaluate-all, for inclusion in
> the spec? I mean that Take-first-decision takes the first Permit or Deny
> decision in the specified order. Evaluate-all means that it evaluates all the
> rules (or policies). I thought it might be worth including in the spec. This
> is what I meant at that time.

I suggest two additional "standard" combiners other than
GLOBAL-DENY:

AT-LEAST-ONE-PERMIT
    Permit if at least one policy in the policy set or rule in
    the rule set returns an effect of "permit" (similar to a
    logical OR).

ALL-APPLICABLE-PERMIT
    Permit only if all applicable rules or policies return an
    effect of "permit" (similar to a logical AND).

Anne
--
Anne H. Anderson Email: Anne.Anderson@Sun.COM
Sun Microsystems Laboratories
1 Network Drive,UBUR02-311 Tel: 781/442-0928
Burlington, MA 01803-0902 USA Fax: 781/442-1692
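
Added illustration, not part of the original message or of the XACML specification: a Python sketch of the two combiners proposed above and of Take-first-decision from the quoted question, run over constructed rule results to show where they disagree. The `Effect` type, the function names, and the outcomes for cases the message leaves undefined (no applicable rule, and what is returned when the result is not "permit") are assumptions.

```python
from enum import Enum

class Effect(Enum):
    PERMIT = "permit"
    DENY = "deny"
    NOT_APPLICABLE = "not-applicable"  # rule/policy target did not match

def _applicable(effects):
    return [e for e in effects if e is not Effect.NOT_APPLICABLE]

def at_least_one_permit(effects):
    """Logical OR: permit if any rule or policy returned permit."""
    applicable = _applicable(effects)
    if Effect.PERMIT in applicable:
        return Effect.PERMIT
    # Assumption: with no permit, deny if anything applied at all.
    return Effect.DENY if applicable else Effect.NOT_APPLICABLE

def all_applicable_permit(effects):
    """Logical AND over the applicable rules or policies only."""
    applicable = _applicable(effects)
    if not applicable:
        # Assumption: an empty applicable set must not permit vacuously
        # (Python's all([]) is True), so report not-applicable instead.
        return Effect.NOT_APPLICABLE
    if all(e is Effect.PERMIT for e in applicable):
        return Effect.PERMIT
    return Effect.DENY

def take_first_decision(effects):
    """First Permit or Deny in the specified order wins."""
    for e in effects:
        if e in (Effect.PERMIT, Effect.DENY):
            return e
    return Effect.NOT_APPLICABLE  # assumption: nothing decided

def compare(effects):
    """Run all three combiners over one ordered list of results."""
    effects = list(effects)
    return {f.__name__: f(effects).value for f in
            (at_least_one_permit, all_applicable_permit, take_first_decision)}

if __name__ == "__main__":
    # Constructed sample: first rule does not apply, second denies, third permits.
    sample = [Effect.NOT_APPLICABLE, Effect.DENY, Effect.PERMIT]
    for name, result in compare(sample).items():
        print(f"{name:24s} -> {result}")
```

The same three rule results yield "permit" under AT-LEAST-ONE-PERMIT and "deny" under the other two, which is why the choice of combiner has to be explicit in the policy.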