[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [xacml] combining algorithm paper
Hi Bill, I think where we are at now is that the focus here is on simply how to determine which Obligations (/Advice) are returned for a given combining algorithm. Also, we are aware that there is some determinacy/indeterminacy, such as if there is an X-overrides Policy, then if an X is encountered, then only the Obs assoc w that X are returned. In unordered, the result is non-deterministic since if multiple X's can be evaluated, only the one that happens to be first to return an X will have its Obs returned. The identical request re-submitted could have a different X and thus a different set of Obs returned. However, if the policy is ordered-X-overrides, then things are deterministic. Given that only one X is returned, there is a question of why should there be multiple Y's returned if no X is encountered? This will be examined a little further in order to specify what the current behavior is in this context, and depending on where it ends up we may add clarifying text, however, the text right now is considered to be correct. Other options would be beyond 3.0 and included w the Families discussion. Thanks, Rich On 6/29/2011 12:11 PM, Bill Parducci wrote: > I suggest that until we have a mechanism to define which Obligations (Families) are supported within a given environment, Obligation combination is not a solvable problem. I think that this is something that the "meta schema" may be able to address. > > b > > On Jun 29, 2011, at 8:48 AM, rich levinson wrote: > >> The paper we are discussing is available from: >> https://www.cerias.purdue.edu/assets/pdf/bibtex_archive/2008-9-report.pdf >> >> There is an update to this paper on ACM that has some significant >> changes, however the main points remain primarily intact: >> There are details on where this paper appeared and access info at end: >> >> >> Access Control Policy Combining: Theory Meets Practice >> >> Ninghui Li, Qihua Wang, Wahbeh Qardaji, Elisa Bertino, Prathima Rao >> Purdue University, Department of Computer Science >> 305 N. University Street, West Lafayette, IN 47907,USA >> {ninghui, qwang, wqardaji, bertino, prao}@cs.purdue.edu >> Jorge Lobo >> IBM T.J. Watson Research >> Center >> Hawthorne, NY, USA >> lobo@us.ibm.com >> Dan Lin >> Missouri University of Science >> and Technology >> 500 West 15th Street, Rolla, >> MO 65409 >> lindan@mst.edu >> >> >> Permission to make digital or hard copies of all or part of this work for >> personal or classroom use is granted without fee provided that copies are >> not made or distributed for profit or commercial advantage and that copies >> bear this notice and the full citation on the first page. To copy otherwise, to >> republish, to post on servers or to redistribute to lists, requires prior specific >> permission and/or a fee. >> SACMAT’09, June 3–5, 2009, Stresa, Italy. >> Copyright 2009 ACM 978-1-60558-537-6/09/06 ...$5.00. >> >> >> --------------------------------------------------------------------- >> To unsubscribe from this mail list, you must leave the OASIS TC that >> generates this mail. Follow this link to all your TCs in OASIS at: >> https://www.oasis-open.org/apps/org/workgroup/portal/my_workgroups.php >>
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]