OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xacml-users message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: RE: [xacml-users] policy inconsistency


Why would not it make sense?

Consider the following scenario: one default policy permits something.  Administrator adds a temporary policy to block that - it is much nicer to add a DENY rule, then to edit away rule in the default policy.  Later this DENY  rule may be revoked.

I do not see any semantic inconsistency in this usage: this is exactly the reason to have DENY rules and combining algorithm.  If not for this kind of rules - there would be little reason to have the DENY effect - as the effect of deny could be handled using only the NOTAPPLICABLE.

Daniel;


-----Original Message-----
From: Argyn [mailto:jawabean@gmail.com] 
Sent: Monday, May 01, 2006 9:29 AM
To: xacml-users@lists.oasis-open.org
Subject: Re: [xacml-users] policy inconsistency

I think it's more like "semantic inconsistency". sure, XACML engine
may produce an answer, but it doesn't mean that it'll make sense

thanks
argyn

On 5/1/06, Daniel Engovatov <dengovatov@bea.com> wrote:
> Why is that inconsistent?
>
> Dependent on your rule and policy combining algorithm there is always a definitive consistent answer for such a policy.
>
> Daniel;
>
> -----Original Message-----
> From: Koko Ga [mailto:ajajakoko@yahoo.com]
> Sent: Monday, May 01, 2006 7:52 AM
> To: xacml-users@lists.oasis-open.org
> Subject: [xacml-users] policy inconsistency
>
> Hi,
>   I'm looking into understanding the different types of policy inconsistency. Are you aware of any work on this topic?
>   A common case of inconsistency is when two rules have the same <subject, object, action> tuple and the rulings are conflict with each other (permit and deny). Do you know of any other examples of policy inconsistency?
>
>   Thanks,
>
>   koko,
>
>
> ---------------------------------
> Blab-away for as little as 1/min. Make  PC-to-Phone Calls using Yahoo! Messenger with Voice.
> _______________________________________________________________________
> Notice:  This email message, together with any attachments, may contain
> information  of  BEA Systems,  Inc.,  its subsidiaries  and  affiliated
> entities,  that may be confidential,  proprietary,  copyrighted  and/or
> legally privileged, and is intended solely for the use of the individual
> or entity named in this message. If you are not the intended recipient,
> and have received this message in error, please immediately return this
> by email and then delete it.
>
> ---------------------------------------------------------------------
> This publicly archived list supports open discussion on using the
> XACML OASIS Standard. To minimize spam in the archives, you
> must subscribe before posting.
>
> [Un]Subscribe/change address: http://www.oasis-open.org/mlmanage/
> Alternately, using email: list-[un]subscribe@lists.oasis-open.org
> List archives: http://lists.oasis-open.org/archives/xacml-users/
> Committee homepage: http://www.oasis-open.org/committees/xacml/
> List Guidelines: http://www.oasis-open.org/maillists/guidelines.php
> Join OASIS: http://www.oasis-open.org/join/
>
>

---------------------------------------------------------------------
This publicly archived list supports open discussion on using the 
XACML OASIS Standard. To minimize spam in the archives, you 
must subscribe before posting.

[Un]Subscribe/change address: http://www.oasis-open.org/mlmanage/
Alternately, using email: list-[un]subscribe@lists.oasis-open.org
List archives: http://lists.oasis-open.org/archives/xacml-users/
Committee homepage: http://www.oasis-open.org/committees/xacml/
List Guidelines: http://www.oasis-open.org/maillists/guidelines.php
Join OASIS: http://www.oasis-open.org/join/

_______________________________________________________________________
Notice:  This email message, together with any attachments, may contain
information  of  BEA Systems,  Inc.,  its subsidiaries  and  affiliated
entities,  that may be confidential,  proprietary,  copyrighted  and/or
legally privileged, and is intended solely for the use of the individual
or entity named in this message. If you are not the intended recipient,
and have received this message in error, please immediately return this
by email and then delete it.


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]