[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: [xacml] Style modifications to combining algorithms
Colleagues - Does anyone object to the following style changes to the combining algorithm definitions? They are intended solely for achieving better consistency with the remainder of the document.
1. The name of the function is "Policy", rather than "denyOverridesRuleCombiningAlgorithm", etc.. This is because we talk about evaluating a "Policy", rather than evaluating the combining algorithm.
2. The name of the array of rules is singular, i.e. rule[i]. This is because we have an element called "Rule", rather than "Rules".
3. The name of the Effect function is "effect(rule[i])" instead of "effectOf(rule[i])". This is because we have an element called "Effect", rather than EffectOf.
Here is the resulting definition. All the best. Tim.
Decision Policy(Rule rule[])
{
Boolean atLeastOneError = false;
Boolean potentialDeny = false;
Boolean atLeastOnePermit = false;
for( i=0 ; i < lengthOf(rules) ; i++ )
{
Decision decision = evaluate(rule[i]);
if (decision == Deny)
{
return Deny;
}
if (decision == Permit)
{
atLeastOnePermit = true;
continue;
}
if (decision == NotApplicable)
{
continue;
}
if (decision == Indeterminate)
{
atLeastOneError = true;
if (effect(rule[i]) == Deny)
{
potentialDeny = true;
}
continue;
}
}
if (potentialDeny)
{
return Indeterminate;
}
if (atLeastOnePermit)
{
return Permit;
}
if (atLeastOneError)
{
return Indeterminate;
}
return NotApplicable;
}
-----------------------------------------
Tim Moses
Tel: 613.270.3183
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC