xacml message

Subject: Re: [xacml] combining algorithm paper

From: Bill Parducci <bill@parducci.net>
To: rich levinson <rich.levinson@oracle.com>
Date: Wed, 29 Jun 2011 11:15:40 -0700


On Jun 29, 2011, at 10:32 AM, rich levinson wrote:

> However, if the policy is ordered-X-overrides, then things are deterministic.

Thanks Rich, 

The problem is that there is no context for serialization in a mixed environment. Multiple Obligation "namespaces" cannot be resolved. Consider two Obligation Families that must be combined in an ordered fashion:

Obligation Family 1:
X < Y < Z

Obligation Family 2:
A < Z < Y

If Z & Y are returned whch is enforced?

I offer that there much be something with awareness that spans PolicySets (and therefore federated systems) that can address this. 

b

Follow-Ups:
- Re: [xacml] combining algorithm paper
  - From: rich levinson <rich.levinson@oracle.com>

References:
- combining algorithm paper
  - From: rich levinson <rich.levinson@oracle.com>
- Re: [xacml] combining algorithm paper
  - From: Bill Parducci <bill@parducci.net>
- Re: [xacml] combining algorithm paper
  - From: rich levinson <rich.levinson@oracle.com>