[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: Re: [xacml] Proposed resolution to PM-1-02: Post-Conditions
On 25 March, Michiharu Kudoh writes: Re: [xacml] Proposed resolution to PM-1-02: Post-Conditions > I have one question since you are a champion w.r.t. the typical policy > combiner algorithm. Are you considering another policy combiners other than > GLOBAL-DENY, such as Take-first-decision and Evaluate-all for inclusion in > the spec? I mean that Take-first-decision takes the first Permit or Deny > decision the specified order. Evaluate-all means that it evaluates all the > rule (or policy). I thought it might be worth including in the spec. This > is what I meant at that time. I suggest two additional "standard" combiners other than GLOBAL-DENY: AT-LEAST-ONE-PERMIT Permit if at least one policy in the policy set or rule in the rule set returns an effect of "permit" (similar to a logical OR). ALL-APPLICABLE-PERMIT Permit only if all applicable rules or policies return an effect of "permit" (similar to a logical AND). Anne -- Anne H. Anderson Email: Anne.Anderson@Sun.COM Sun Microsystems Laboratories 1 Network Drive,UBUR02-311 Tel: 781/442-0928 Burlington, MA 01803-0902 USA Fax: 781/442-1692
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC