xacml message

Subject: RE: [xacml] Comment on issue 8? "choice element" or "Policy w no Rules"

From: <remon.sinnema@emc.com>
To: <erik@axiomatics.com>
Date: Fri, 24 Feb 2012 08:48:19 -0500

Erik,

From: xacml@lists.oasis-open.org [mailto:xacml@lists.oasis-open.org] On Behalf Of Erik Rissanen
Sent: Friday, February 24, 2012 10:12 AM
To: xacml@lists.oasis-open.org
Subject: Re: [xacml] Comment on issue 8? "choice element" or "Policy w no Rules"

> The current table looks like this:
>
> Target    Rule values     Policy Value
> “Match”    Don’t care    Specified by the rule-combining algorithm
> “No-match”    Don’t care    “NotApplicable”
> “Indeterminate”    See Table 7 See Table 7
>
> The change was introduced in wd 20 in order to make sure the new combining algorithms were always 
> invoked. It would be confusing if a policy with permit-unless-deny could return not-applicable since 
> this algorithm was specifically introduced to guarantee that N/A or Indeterminate are never returned.

Granted, but it's more confusing to me that a Policy without any Rules has any impact on the decision at all.

BTW, section 3.3, Policy Language Model, states that a Policy should have 1..* Rules. Oddly, this section states that a PolicySet should have 0..* Policies.

Thanks,
Ray

Follow-Ups:
- Re: [xacml] Comment on issue 8? "choice element" or "Policy w no Rules"
  - From: Erik Rissanen <erik@axiomatics.com>
- RE: [xacml] Comment on issue 8? "choice element" or "Policy w no Rules"
  - From: "Tyson, Paul H" <PTyson@bellhelicopter.textron.com>

References:
- Comment on issue 8? "choice element" or "Policy w no Rules"
  - From: rich levinson <rich.levinson@oracle.com>
- Re: [xacml] Comment on issue 8? "choice element" or "Policy w no Rules"
  - From: Erik Rissanen <erik@axiomatics.com>