[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [xacml-comment] Policies vs. Rules
I agree with your issue, and I believe the TC also, in principle, agrees.
This was the primary motivation behind the development of the so-called "extended" combining algorithms that are in the current XACML 3.0 draft:
These "extended" algorithms have two significant characteristics:
Florian Huonder wrote:
email@example.com" type="cite">Hi all, I have a question about Policies and Rules. I really do not see the reason to distinguish between Policy and Rule. In my opinion, everything that you can solve with a Policy that has multiple rules, can also be solved with multiple Policies (where each only has one single Rule). The only difference that I see between Rules and Policies are that they map to different target sets. Meaning that a Rule maps to DENY or PERMIT and a Policy to DENY, PERMIT and NOT_APPLICABLE (I left away INDETERMINATE). But I really do not see a practical application for this difference. Maybe you could give me a hint about what the intent is behind Policies and Rules? I heard that there is a requirement for Rules. Could anybody tell me what the requirement for Rules is? Regards, Florian