Subject: Re: [xacml-users] Policy combinations; how to preserve intended meaning...?

Thanks Seth, and Argyn.

On 10/25/06, Seth Proctor <Seth.Proctor@sun.com> wrote:
> If you changed your mind about diving into XACML and wanted a little
> adventure in your life [1]

:-) You mean other people don't find this stimulating?!?

> I'd suggest looking at the parameters feature
> that was added in XACML 2.0. You'd have to write your own algorithm, but
> you could then add "weight" or "priority" or whatever else you liked to
> each element being combined. This might help further define the
> relationships you're trying to build. I haven't thought deeply about
> this, but it strikes me that it might be a useful approach.

Hmm, this is a very interesting idea, especially given the symmetries
with finite domain constraints.  Thanks for pointing this out, I'll
delve a little deeper next week...

I've had some feedback from the fedora-users list too and it turns out
that the XACML support in Fedora is not as complete as it seems.
Apparently target matching and IdReference are not supported, I'll
have to look into this further as I find it hard to believe that
target matching wouldn't be supported given it's such a key feature -
doesn't the sun PDP do this for free anyhow?!  I imagine adding
support for references to the PolicyFinder module would not be too
difficult.  Trouble is that this is supposed to be a
prototype/feasibility study, I'll find out today whether the higher
ups think it's worth the time.


In science one tries to tell people, in such a way
as to be understood by everyone, something that
no one ever knew before. But in poetry, it's the
exact opposite.
 - Paul Dirac

