OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Subject: Re: [xacml] [schema] PDP response where no policy applies


It seems useful to be able to distinguish the concept of "indeterminate",
where perhaps some portion of the policy data was not accessible, from
"inconclusive", where all policy data was accessible and there was no
positive or negative statement.

In the "indeterminate" case, the requester might choose to not continue
asking any other PDPs (since an authoritative negative answer may have been
missed in the current PDP).

In the "inconclusive" case, the requester would be free to query other PDPs
looking for an authoritative answer.
--
Steve

Anne Anderson wrote:

> If absolutely none of its policies applies, then is the PDP
> obligated to return Indeterminate(Inapplicable)?
>
> If the PDP wants to return Deny if no policies apply, does it
> have to define a base policy with a DenyOverrides rule?
>
> We should spell this sort of behavior out in the spec.
>
> Anne
> --
> Anne H. Anderson             Email: Anne.Anderson@Sun.COM
> Sun Microsystems Laboratories
> 1 Network Drive,UBUR02-311     Tel: 781/442-0928
> Burlington, MA 01803-0902 USA  Fax: 781/442-1692
>
> ----------------------------------------------------------------
> To subscribe or unsubscribe from this elist use the subscription
> manager: <http://lists.oasis-open.org/ob/adm.pl>




Attachment: sanderson.vcf
Description: Card for Steve Anderson



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Powered by eList eXpress LLC