[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: [xacml] Match/No-Match Semantics
Greetings, Apparently we have what I believe is an inconsistency in the evaluation of the rules with respect to expressions resulting in errors and the target match semantics. For the Target we have only two values Match and No-Match, and have said that if an error occurs while evaluating the target, the result is a No-Match. If we evaluate equivalent expressions, one in the target, the other in a condition, we would get two different results. For example, let's say we have a situation such that an AttributeDesignator is not available, and any call to it will result in an operational error. Let's say we have a rule with an ANY target and a condition that performs a match on this AttributeDesignator. The result of the condition is Indeterminate, and therefore the rule is evaluated to Indeterminate. Let's also say we have a rule with a target that performs the equivalent match on that particular designator. We have said that we map any Error to a No-Match situation. In that case, then the rule is evaluated to NotApplicable. Does this situation sit right with people? Cheers, -Polar
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC