[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: Re: [xacml] Re: [xacml-comment] D024
Anne, In my opinion, compile-time policy type-checking is essential (although not normative) for the xacml implementation. If you do not have typechecking done you are never sure what is going to happen at run-time. I do not think that run-time type-checking is 'clean', I think it is 'wrong'. Static typechecker will reject policies you may find appropriate just because they pass schema validation. Simon ----- Original Message ----- From: "Anne Anderson" <Anne.Anderson@Sun.com> To: "XACML TC" <xacml@lists.oasis-open.org> Sent: Tuesday, December 03, 2002 9:04 AM Subject: [xacml] Re: [xacml-comment] D024 > Polar, I disagree. In my opinion, the type checking for > arguments to functions should be done at the time the function is > evaluated, not at the time the policy is parsed. Since we have > not specified the type-correctness of XACML functions using XML, > the type correctness must be checked after the policy is parsed > by the XML parser. It could be done as a second, XACML-specific > parsing step, but I believe it is probably cleaner to have the > type checking done at the time the function is evaluated. This > may make it easier to deal with plug-in custom functions. > > Anne Anderson > > On 3 December, Polar Humenn writes: Re: [xacml-comment] D024 > > From: Polar Humenn <polar@syr.edu> > > To: Anne Anderson <Anne.Anderson@sun.com> > > Subject: Re: [xacml-comment] D024 > > Date: Tue, 3 Dec 2002 10:51:40 -0500 (EST) > > > > > > D024 > > > > The condition that John is referring to in > > > > urn:oasis:names:tc:xacml:1.0:conformance-test:IID024:policy3 > > > > in test D024 is not type correct and therefore is not a valid policy, and > > therefore not a valid policy set. Although it might niavely parse through > > the policy-schema, it should not even be evaluated, because it is not type > > correct. > > > > Cheers, > > -Polar > > > > On Tue, 3 Dec 2002, Anne Anderson wrote: > > > > > John Merrells, > > > > > > As in D002, this Condition was intended to produce an > > > Indeterminate result (by passing the wrong argument type to the > > > function) in order to test the requirements of the > > > "first-applicable" algorithm, which says that a Permit or Deny > > > result will be returned even if an Indeterminate result follows. > > > > > > Please let me know if I am overlooking something. > > > > > > Anne Anderson > > > > > > On 26 November, John Merrells writes: [xacml-comment] D024 > > > > From: John Merrells <merrells@jiffysoftware.com> > > > > To: "'xacml-comment@lists.oasis-open.org'" <xacml-comment@lists.oasis-open.org> > > > > Subject: [xacml-comment] D024 > > > > Date: Tue, 26 Nov 2002 17:36:20 -0800 > > > > > > > > > > > > Same as D002... > > > > > > > > <Condition > > > > FunctionId="urn:oasis:names:tc:xacml:1.0:function:string-equal"> > > > > <SubjectAttributeDesignator > > > > > > > > AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" > > > > DataType="http://www.w3.org/2001/XMLSchema#string"/> > > > > <AttributeValue > > > > > > > > DataType="http://www.w3.org/2001/XMLSchema#string";>Zaphod > > > > Beedlebrox</AttributeValue> > > > > </Condition> > > > > > > > > > > > > > > > > ---------------------------------------------------------------- > > > > To subscribe or unsubscribe from this elist use the subscription > > > > manager: <http://lists.oasis-open.org/ob/adm.pl> > > > > > > > > > > -- > > > Anne H. Anderson Email: Anne.Anderson@Sun.COM > > > Sun Microsystems Laboratories > > > 1 Network Drive,UBUR02-311 Tel: 781/442-0928 > > > Burlington, MA 01803-0902 USA Fax: 781/442-1692 > > > > > > > > > ---------------------------------------------------------------- > > > To subscribe or unsubscribe from this elist use the subscription > > > manager: <http://lists.oasis-open.org/ob/adm.pl> > > > > > > > > > -- > Anne H. Anderson Email: Anne.Anderson@Sun.COM > Sun Microsystems Laboratories > 1 Network Drive,UBUR02-311 Tel: 781/442-0928 > Burlington, MA 01803-0902 USA Fax: 781/442-1692 > > > ---------------------------------------------------------------- > To subscribe or unsubscribe from this elist use the subscription > manager: <http://lists.oasis-open.org/ob/adm.pl> > > >
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC