[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: RE: [xacml] We resolve ...
Hi > "Now for instance, suppose you want to enforce a situation in which any of > us can grant authorizations and, possibly denials, for some access and > a denial-take-precedence policy should be enforced (meaning it sufficient > that one of us says "deny (because of a negative authorization), and the > access should be rejected. How do you enforce this? You cannot have the > different administrators operate on the applicable policy (meaning > actually have writing privilege on that document)." > > This is how ... then my NOT have a global semantics right? Where is it dictated? is the AND you have at the beginning of the policy? if it the case then that everybody specifying an applicable policy (which in this case seems to be indeed overlapping) has control over how "string" his denial is? (i.e., how it is combined)? if i am not mistaken this implied multiple applicable policies (meaning overlapping targets). isn't there the danger of somebody specifying a policy he think will be obeyed but then it will not be so? -p
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC