OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

xacml-comment message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: [xacml-comment] no rules or policies

Sections 7.6 and 7.7 contain, respectively, the only text in the spec that
says what to do when a Policy has no Rules or a PolicySet has no policies.
Unfortunately, the language is a little muddled (and looks like it might be
left over from a previous version). Section 7.6 says

  "A Rules value of 'At-least-one-applicable' SHALL be used if the <Rule>
   element is absent..."

Section 7.7 says

  "A policies value of 'At-least-one-applicable' SHALL be used if there are
   no contained or referenced policies or policy sets..."

Is this supposed to imply that if the rule/policy[set] is missing, then the
result should always be the result of the at-least-one-applicable combining
algorithm, ie NotApplicable? If that's the case, I'd like to request that the
text be clarified so that it's more obvious (since the above text doesn't
really mean anything). If that's not the case, these sections need to be
expanded to explain what to return in these conditions.

As a side note, I don't really understand what the value is of having a Policy
with no Rule, since it will always return the same thing (probably N/A), so
why bother going through the effort of evaluating it? In other words, what
is the reason for the schema defining PolicyType to have

  <xs:element ref="xacml:Rule" minOccurs="0" ...


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC