[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [xacml-users] policy inconsistency
Yep. The problem here is policy analysis. XACML policy is not easily reversible (determining what set of parameters would cause a particular decision). My guess would be that the strategy of policy analysis and the definition of "inconsistency" would be very much implementation dependent. We could possibly specify that in concrete profiles... Interesting question to discuss. Daniel; >recently, i was talking about xacml and got a similar question from the > audience. the issue is that once you build a large set of policies and rules, there could be unintended "collisions" or inconsistencies. combining algorithms could produce "unexpected" results when multiple policy sets are combined. these effects are not indeterministic, of course, but the result of combining policy sets is not always intuitive. if you have a lot of policies, then it would be useful to find out inconsistent ones. in order to do that one has to define what is exactly "inconsistent" policies. Argyn --------------------------------------------------------------------- This publicly archived list supports open discussion on using the XACML OASIS Standard. To minimize spam in the archives, you must subscribe before posting. [Un]Subscribe/change address: http://www.oasis-open.org/mlmanage/ Alternately, using email: list-[un]firstname.lastname@example.org List archives: http://lists.oasis-open.org/archives/xacml-users/ Committee homepage: http://www.oasis-open.org/committees/xacml/ List Guidelines: http://www.oasis-open.org/maillists/guidelines.php Join OASIS: http://www.oasis-open.org/join/ _______________________________________________________________________ Notice: This email message, together with any attachments, may contain information of BEA Systems, Inc., its subsidiaries and affiliated entities, that may be confidential, proprietary, copyrighted and/or legally privileged, and is intended solely for the use of the individual or entity named in this message. If you are not the intended recipient, and have received this message in error, please immediately return this by email and then delete it.