Subject: Re: [xacml-comment] Query Regarding XACML Delegation Profile v1.0 (16 April, 2009)
Hi Amir Ali,
On 12/02/2015 4:39 AM, Amir Ali wrote:
At line # 138-139, profile says that "Reduction is always performed in the context of a request R, which is being evaluated *against a policy set*." Let me know that "*Reduction*must be performed *against a policy set*" *or we can performed reduction against a policy*". ?.
The policy set referred to in this statement is the policy set containing
the untrusted policy P, which is the policy to be reduced. The administrative
request A, generated from R and P, is evaluated against the other policies
in the policy set referred to above, i.e., the siblings of P.
Note the statement at the beginning of the Glossary:
"For simplicity, this document uses the term policy to include the XACML
definitions for both policy and policy set."
Thus the policy P may instead be a policy set, and the sibling policies that
authorize it may instead be policy sets.