Subject: RE: [xacml-users] inconsistency in XACMl policies - avoiding ruleconflicts
> -----Original Message-----
> From: Seth Proctor [mailto:Seth.Proctor@Sun.COM]
> Sent: Tuesday, October 12, 2004 7:11 PM
> To: Kuketayev, Argyn
> Cc: xacml-users@lists.oasis-open.org
> Subject: RE: [xacml-users] inconsistency in XACMl policies -
> avoiding ruleconflicts
>
> For instance, consider this policy:
>
> <Target>
>   <Subjects><AnySubject/></Subjects>
>   <Resources><AnyResource/></Resources>
>   <Actions><AnyAction/></Actions>
> </Target>
>
> <Rule RuleId="AlwaysPermit" Effect="Permit"/>
>
> <Rule RuleId="AlwaysDeny" Effect="Deny"/>
>
> Using the ordered permit overrides combining algorithm, the
> second Rule will never be evaluated. This is still a valid
> XACML policy, but it has some problems that can be detected.

This is doable, I agree. It's like "statement is not reachable" in my Java code editor :) Modern-day code editors have certain code analysis capabilities. I'm thinking about an XACML editor tool or plug-in. These sorts of "anomalies" can be detected by such a tool.

Thanks,
Argyn
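The unreachable-rule check discussed in this message, sketched as an added example (not code from the thread or from any XACML tool). It goes beyond the quoted case by also covering ordered-deny-overrides and first-applicable. Assumptions: the `<Policy>` wrapper and `PolicyId` in the sample are constructed, and a rule counts as unconditional only when it has no `Target` or `Condition` of its own.

```python
import xml.etree.ElementTree as ET

# Effects that end evaluation as soon as a rule returns them, keyed by the
# last segment of RuleCombiningAlgId.
SHORT_CIRCUIT = {
    "ordered-permit-overrides": {"Permit"},
    "ordered-deny-overrides": {"Deny"},
    "first-applicable": {"Permit", "Deny"},
}

def local(tag):
    """Strip the XML namespace so the check is schema-version agnostic."""
    return tag.rsplit("}", 1)[-1]

def is_unconditional(rule):
    """Assumed heuristic: no Target and no Condition of its own means the
    rule returns its Effect whenever the enclosing policy applies."""
    return not any(local(c.tag) in ("Target", "Condition") for c in rule)

def unreachable_rules(policy_xml):
    """Return [(dead_rule_id, shadowing_rule_id), ...] for one <Policy>."""
    policy = ET.fromstring(policy_xml)
    alg = policy.get("RuleCombiningAlgId", "").rsplit(":", 1)[-1]
    stoppers = SHORT_CIRCUIT.get(alg, set())
    findings, shadow = [], None
    for rule in (e for e in policy if local(e.tag) == "Rule"):
        if shadow is not None:
            # Everything after an always-firing rule is dead code.
            findings.append((rule.get("RuleId"), shadow))
        elif rule.get("Effect") in stoppers and is_unconditional(rule):
            shadow = rule.get("RuleId")
    return findings

# Constructed sample: the quoted rules wrapped in a <Policy> element.
SAMPLE = """<Policy xmlns="urn:oasis:names:tc:xacml:1.0:policy" PolicyId="example"
  RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.1:rule-combining-algorithm:ordered-permit-overrides">
  <Target>
    <Subjects><AnySubject/></Subjects>
    <Resources><AnyResource/></Resources>
    <Actions><AnyAction/></Actions>
  </Target>
  <Rule RuleId="AlwaysPermit" Effect="Permit"/>
  <Rule RuleId="AlwaysDeny" Effect="Deny"/>
</Policy>"""

if __name__ == "__main__":
    for dead, by in unreachable_rules(SAMPLE):
        print(f"rule {dead!r} is never evaluated: shadowed by {by!r}")
```

Rules whose own `Target` is written out as `AnySubject`/`AnyResource`/`AnyAction` are equally unconditional but are not flagged by this heuristic.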