[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: RE: [xacml] Proposed semantics for operations involving INDETERMI NATE
"Polar Humenn" <polar@syr.edu> wrote: >I personally would like to restrict the policy to only evaluate the >evidence in the Context, and therefore all data is considered available. >Then there is no question, and no Errors. I don't quite follow. Just because you only evaluate evidence in the Context, you can still have data that is not available. For example, the PEP may not have supplied an attribute value that is referenced by a particular policy. Are you saying you could still have INDETERMINATE (referenced information not available in the Context), but not ERROR (attempt to obtain referenced information by AA failed due to network timeout, etc.)? So errors in attempting to obtain referenced information from an AA for inclusion in the "notional" Request context just become "information that is not available in the Request context" -> INDETERMINATE as far as the Evaluation and Response go? Anne Anderson Anne.Anderson@Sun.COM Internet Security Research Group, Sun Labs Sun Microsystems, Inc., Burlington, MA
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC