OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: [xacml] Proposed resolution to MI-1-02: Definition of Policy vs. Rule

Based on the March 2002, Face-to-Face, I believe this issue, for
which Carlisle is the champion, is ready to be closed.

Resolution: A "rule" is the smallest unit from which a "policy"
is composed.  A "rule" uses predicates that refer to attributes
and values.

A "policy" is a combination of rules or other policies.  A
combination of rules is called a <policyStatement>.  A
combination of <policyStatement>s or other
<policyCombinationStatement>s is called a
<policyCombinationStatement>.  A policy is the smallest
administrative unit in XACML, and is the smallest unit that can
be signed.  A policy does not refer to attributes and values, but
only to combinations of rules or other policies.

Anne H. Anderson             Email: Anne.Anderson@Sun.COM
Sun Microsystems Laboratories
1 Network Drive,UBUR02-311     Tel: 781/442-0928
Burlington, MA 01803-0902 USA  Fax: 781/442-1692

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC