[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: Re: [xacml] New issue#1 from "Boolean Policy resolution"
> In the proposed logic, > > t AND t = t > t AND n/a = t > > However, that does NOT mean that for > > t AND x = t > > x must be t (in this logic). For an analogous example in classical > logic, > Take implication => > > t => t = t > t => f = f > f => t = t > f => f = t > > x => t = t does not force x to be t > f => x = t does not force x to be t. > > n/a is n/a. It is a separate entity. ok, but let's step away from the academic perspective for a sec and look at the implementational issues. whether or not n/a is symbolically unique is not relevant to the process itself *by definition*, right? t + n/a is reduced to t which yields GRANT therefore, n/a evaluates to TRUE when it comes to granting access to a resource for all intents and purposes. i agree that this is not true WRT to pure logical expressionism, but the fact remains that access is granted without all predicates explicitly evaluating to true and that is not good form in my book. b b
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC