OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xacml-comment message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Subject: [xacml-comment] static type and syntax errors in Conformance Tests


Are there any objections to the following resolution to the type
and syntax checking debate, at least with respect to the
Conformance Tests?  This may not resolve the issue completely,
but I feel we need to decide as soon as possible what the
Conformance Tests will do so that implementations can attest to
"successfully using" this coming week.

1) I have added the following "Special Instructions" to the two
   tests that test that an invalid policy will never be used to
   return a Permit, Deny, or NotApplicable result.

- Special Instructions for Test Case II.A.4

  The policy for this test is not schema-compliant: it contains a
  syntax error.

  If a policy with invalid syntax MAY EVER be evaluated by the
  implementation's XACML PDP at the time a Request is received,
  then this test MUST be passed.  In this case, the result MUST be
  consistent with the supplied IIA004Response.xml file: it returns
  a Decision of Indeterminate with a StatusCode value of
  "urn:oasis:names:tc:xacml:1.0:status:syntax-error".

  If the implementation's XACML PDP CAN NEVER attempt to evaluate a
  policy with invalid syntax, then the implementation MUST
  demonstrate that the policy in IIA004Policy.xml will be rejected
  by whatever entity is responsible for validating policy syntax in
  the system in which the XACML PDP will be used.  In this case,
  the supplied Request and Response files are not relevant and may
  be ignored.

- Special Instructions for Test Case II.C.3

  The policy for this test contains a static type error.

  If a policy with static type errors MAY EVER be evaluated by the
  implementation's XACML PDP at the time a Request is received,
  then this test MUST be passed.  In this case, the result MUST be
  consistent with the supplied IIC003Response.xml file: it returns
  a Decision of Indeterminate with a StatusCode value of
  "urn:oasis:names:tc:xacml:1.0:status:processing-error".

  If the implementation's XACML PDP CAN NEVER attempt to evaluate a
  policy with static type errors at the time a Request is received,
  then the implementation MUST demonstrate that the policy in
  IIA004Policy.xml will be rejected by whatever entity is
  responsible for validating policy syntax in the system in which
  the XACML PDP will be used.  In this case, the supplied Request
  and Response files are not relevant and may be ignored.

2) I am checking all other policy files that contain a Rule that
   is supposed to return Indeterminate.  If a static type error
   is currently being used to "cause" the Indeterminate result, I
   will change the test to "cause" the Indeterminate result by
   using an unsatisfied "MustBePresent" xml attribute, an
   unsatisfied *-one-and-only function, or a divide-by-zero
   error.

I will mail out an updated Conformance Test Suite this afternoon.

Anne Anderson
-- 
Anne H. Anderson             Email: Anne.Anderson@Sun.COM
Sun Microsystems Laboratories
1 Network Drive,UBUR02-311     Tel: 781/442-0928
Burlington, MA 01803-0902 USA  Fax: 781/442-1692



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Powered by eList eXpress LLC