[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: [xacml] Proposed resolution to MI-1-02: Definition of Policy vs. Rule
Based on the March 2002, Face-to-Face, I believe this issue, for which Carlisle is the champion, is ready to be closed. Resolution: A "rule" is the smallest unit from which a "policy" is composed. A "rule" uses predicates that refer to attributes and values. A "policy" is a combination of rules or other policies. A combination of rules is called a <policyStatement>. A combination of <policyStatement>s or other <policyCombinationStatement>s is called a <policyCombinationStatement>. A policy is the smallest administrative unit in XACML, and is the smallest unit that can be signed. A policy does not refer to attributes and values, but only to combinations of rules or other policies. Anne -- Anne H. Anderson Email: Anne.Anderson@Sun.COM Sun Microsystems Laboratories 1 Network Drive,UBUR02-311 Tel: 781/442-0928 Burlington, MA 01803-0902 USA Fax: 781/442-1692
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC