OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

xacml-users message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [xacml-users] group representation and combine algorithm

On Oct 31, 2005, at 2:16 PM, Daniel Engovatov wrote:
> In general, all the applicable rules are equal.  And all the  
> applicable
> policies are equal. Even the document order for the first  
> applicable is
> in reality implementation dependent.

Actually, that's not entirely true. First-applicable is defined  
specifically as always using the order specified in the policy.

> I would guess XACML answer to making some rules/policies more  
> important
> in some way is a new combining algorithm - that may make use of policy
> combining parameters defined in the policy.

I'm not sure I understand your use of "important" and "equal". The  
permit and deny overrides algorithms clearly define a precidence, and  
the ordered algorithms let you specify which policies/rules get  
evaluated before others. I don't think a new algorithm is needed to  
solve this problem, though like I said in my last email, I may just  
be simplifying things.

> Currently there is no standard way to define a new algorithm, we may
> look into this in 3.0 or at a later time frame.

I don't understand this either. What do you mean there's no way to  
define a new algorithm?


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]