[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [xacml-comment] Policies vs. Rules
Thanks a lot for your answer.
I think I did not caught on so far.
As I understood your answer, in XACML 2.0 there is a difference between on Policy with multiple Rules and multiple Policies with one Rule each. But I did not understand it (maybe it’s my English J).
I understood that in XACML 3.0 (when using the extended and recommended new combining algorithms) there is no difference between a Policy with multiple Rules and multiple Policies with on Rule each.
If that is true, what exactly would be the reason not to drop Rules?
I am looking forward to hearing from you.
I have a question about Policies and Rules.
I really do not see the reason to distinguish between Policy and Rule. In my
opinion, everything that you can solve with a Policy that has multiple
rules, can also be solved with multiple Policies (where each only has one
The only difference that I see between Rules and Policies are that they map
to different target sets. Meaning that a Rule maps to DENY or PERMIT and a
Policy to DENY, PERMIT and NOT_APPLICABLE (I left away INDETERMINATE). But I
really do not see a practical application for this difference.
Maybe you could give me a hint about what the intent is behind Policies and
I heard that there is a requirement for Rules.
Could anybody tell me what the requirement for Rules is?