OASIS Mailing List Archives

xacml-dev message

Subject: Handling NotApplicable


How do you handle NotApplicable?

My PEP has a method in the Java implementation,
void checkPermissions(...).

It raises an exception if user is not authorized to execute an action,
which means anything but "Permit".

"Deny" is also easy. In addition to throwing an exception, I also log this
event as a warning. In a well-designed webapp, this shouldn't happen
often.

What to do with a NotApplicable decision? I decided that it's a bad thing to
have this, because in my case it indicates that a policy wasn't found or
something more serious. So, I log this as an error or alert. Unlike
"Deny", this should be dealt with.

Thanks,
Argyn
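
The handling described in this message, as an added example that is not part of the original post or the poster's code: a PEP whose checkPermissions returns only on Permit, logs Deny as a warning and NotApplicable as an error. It goes beyond the post by also covering the fourth XACML decision, Indeterminate, and a PDP failure; the Pdp interface, the exception class and the sample requests are assumptions constructed for illustration.

```java
import java.util.logging.Logger;

public class DenyBiasedPep {
    enum Decision { PERMIT, DENY, NOT_APPLICABLE, INDETERMINATE } // XACML decision values
    // Hypothetical PDP interface; a real PEP would call its XACML engine here.
    interface Pdp { Decision evaluate(String subject, String action, String resource); }
    static class NotAuthorizedException extends RuntimeException {
        NotAuthorizedException(String message) { super(message); }
    }
    private static final Logger LOG = Logger.getLogger("pep");
    private final Pdp pdp;
    DenyBiasedPep(Pdp pdp) { this.pdp = pdp; }

    // Returns only on Permit; every other outcome is logged and then throws.
    void checkPermissions(String subject, String action, String resource) {
        String ctx = subject + " " + action + " " + resource;
        Decision d;
        try {
            d = pdp.evaluate(subject, action, resource);
        } catch (RuntimeException e) {
            // Assumption: a PDP failure is treated like Indeterminate (fail closed).
            LOG.severe("PDP error for " + ctx + ": " + e);
            d = Decision.INDETERMINATE;
        }
        switch (d) {
            case PERMIT: return;
            case DENY: LOG.warning("Deny: " + ctx); break;
            case NOT_APPLICABLE: LOG.severe("NotApplicable, no policy matched: " + ctx); break;
            default: LOG.severe("Indeterminate: " + ctx);
        }
        throw new NotAuthorizedException(d + ": " + ctx);
    }

    public static void main(String[] args) {
        // Constructed stub PDP: a policy exists only for /reports, where alice may read.
        Pdp stub = (s, a, r) -> !r.equals("/reports") ? Decision.NOT_APPLICABLE
                : s.equals("alice") && a.equals("read") ? Decision.PERMIT : Decision.DENY;
        DenyBiasedPep pep = new DenyBiasedPep(stub);
        String[][] requests = {{"alice", "read", "/reports"}, {"bob", "read", "/reports"}, {"alice", "read", "/admin"}};
        for (String[] req : requests) {
            try {
                pep.checkPermissions(req[0], req[1], req[2]);
                System.out.println("allowed: " + String.join(" ", req));
            } catch (NotAuthorizedException e) {
                System.out.println("blocked: " + e.getMessage());
            }
        }
    }
}
```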

