OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

xacml-comment message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [xacml-comment] Extended Indeterminate values in the case ofPolicy Targets returning Indeterminate

Hi Stefan,

According to the table in section 7.11, a policy with an indeterminate target evaluates to "Inderterminate", which is the "normal" Indeterminate(DP). The rule combining algorithm has nothing to do with it, so you do not need to check the rules.

Best regards,

On 2011-01-03 17:18, soberhol@hsr.ch wrote:
99EECF01B5C87A498318776AB7E4A78D3639F367E3@sid00102.hsr.ch" type="cite">

Hi all


I have a question about the extended Indeterminate values in the case that the Target of a Policy or PolicySet matches to Indeterminate.

I can’t find any definition about this case in the specification.


Can you please tell me which one of the following solutions is correct?

-          All rules appended to the Policy or PolicySet must be checked. If all of them have the effect Permit, the indeterminate value is Indeterminate(P). If all of them have the effect Deny, the value is Indeterminate(P). Otherwise the value is Indeterminate(DP)

-          It can be assumed that always a rule with a deny effect and a permit effect is appended and therefore Indeterminate(DP) is returned

-          All appended Policies must be evaluated. If all of them are Indeterminate(P) or a Permit, Indeterminate(P) is returned. If all of them have the effect Deny or Indeterminate(D) Indeterminate(D) is returned. If at least one is Deny or Indeterminate(D) and another one is Permit or Indeterminate(P) Indeterminate(DP) is returned.

-          Indeterminate with no value should be returned


If it is the case that an Indeterminate is returned I can’t see a definition how this is combined in the Permit-overrides and Deny-overrides algorithms.


Can anybody help me in this case?






[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]