[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: [xacml] Action Item on CR 19
I agree with Carlisle that the problem he states needs to be reckoned with CR 19. The current algorithm breaks monotonicity in the evaluation of the First Applicable Policy Combining algorithm, as he points out. It should model the rule combinging algorithm. We should modify the current document by replacing the following paragraph: If there is any error evaluating the target or the policy, or a reference to a policy is considered invalid, then the evaluation shall continue looking for an applicable policy, if no applicable policy is found, then the result of the combination is "Indeterminate". with: If there is any error evaluating the target, or while evaluating a specific policy, the reference to the policy is considered invalid, or the policy itself evaluates to "Indeterminate", then the evaluation of the combining algorithm shall halt, and the result shall be "Indeterminate" with an appropriate error status. The pseudo code should say: Decision firstApplicableEffectPolicyCombiningAlgorithm(Policy policy[]) { for( i = 0 ; i < lengthOf(policy) ; i++ ) { Decision decision = evaluate(policy[i]); if(decision == Deny) { return Deny; } if(decision == Permit) { return Permit; } if (decision == NotApplicable) { continue; } if (decision == Indeterminate) { return Indeterminate; } } return NotApplicable; } Cheers, -Polar
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC