[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: RE: [xacml] Discussion summary and revised post-condition proposa l
Hi,
I've filled in the column for Policy C below.
Carlisle.
----------
From: Polar Humenn[SMTP:polar@syr.edu]
Sent: Thursday, February 21, 2002 3:08 PM
To: bill parducci
Cc: XACML TC
Subject: Re: [xacml] Discussion summary and revised post-condition proposal
Let us see get a litte (but not much) more concrete with what you expect
to happen with this example that composes two policies.
Policy C is a composition of two policies, A and B with a combinator that
must says that A and B must both Permit in order to grant access.
Policy-A is:
<policy>
<rules leading to either Permit, Deny, or Indeterminate)
<onPermit>
p1,...pm
</onPermit>
</onDeny>
q1,...,qn
</onDeny>
</policy>
Policy-B is:
<policy>
<rules leading to either Permit, Deny, or Indeterminate)
<onPermit>
r1,...ro
</onPermit>
</onDeny>
s1,...,su
</onDeny>
</policy>
How do we evaluate Policy C, which is:
<policy>
<All-must-permit>
Policy-A
Policy-B
</all-must-permit>
<onPermit>
d1,...,dv
</onPermit>
<onDeny>
e1,...,ew
</onDeny>
</policy>
Just so I don't go emumerating all the various evaluation scenarios, let
me see where people are thinking.
But first, before you leap, I think it's important that in order to be
consitent in what you want, at the very least, no matter how you evaluate
the parts of Policy C, you should hope to get the same answer.
What would the above policy C evaluate to if the following:
Policy A Policy B Policy C
------------------------------------
Permit Permit Permit: P, R, and D
Permit Deny Deny: S, E
Permit Indeterminate Indeterminate: no obligations
Deny Permit Deny: Q, E
Deny Deny Deny: Q, S, E
Deny Indeterminate Deny: Q, E
Indeterminate Permit Indeterminate: no obligations
Indeterminate Deny Deny: S, E
Indeterminate Indeterminate Indeterminate: no obligations
Policy C's column should contain something of the form:
? with obligations ________
What does column "Policy C" look like?
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC