[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [xacml-dev] VariableDefinition (V2)
On Wed, 2004-10-20 at 19:44, diego gonzalez wrote:
> I have a question regarding the VariableDefinition. What is the
> expected behavior when there are two VariableDefinition that references
> themselves? The code will throw a Stack Overflow, but I think the Response
> error will be processing-error.
Yeah. That's a good question. The spec is, sadly [1], silent on this
issue. You have a couple options:
1. Assume that your authors (or tools) will catch this as an error
case. In this case you're already doing the right thing.
2. Have your PDP look for these loops. This is expensive, and
technically it's not legal to thrown out policies with loops, since
they might actually have base-cases. You could however flag this
case, for reference later.
In both cases, you probably end up with an error like the one you're
seeing now. I think that returning a processing-error is a good idea.
You could also choose to define a new error, but I think that's probably
overkill. You might want to include some status explaining what
happened, so that this case can be caught in the future. Anyway, I think
that you and I are pretty much thinking about the same approaches here.
Sorry I can't offer more help...
seth
[1] I wanted to make this a clear error. In fact, I wanted a number of
clarifications on the Variable Def/Ref system, but I didn't get them.
The general feeling was that there are ways to use this recursive
behavior effectively, but personally I think that in most real-world
cases, this causes more harm than good. Sigh.
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]