OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Subject: Re: [xacml] Proposed resolution to PM-1-02: Post-Conditions


On 25 March, Michiharu Kudoh writes: Re: [xacml] Proposed resolution to PM-1-02: Post-Conditions
 > I have one question since you are a champion w.r.t. the typical policy
 > combiner algorithm. Are you considering another policy combiners other than
 > GLOBAL-DENY, such as Take-first-decision and Evaluate-all for inclusion in
 > the spec? I mean that Take-first-decision takes the first Permit or Deny
 > decision the specified order. Evaluate-all means that it evaluates all the
 > rule (or policy). I thought it might be worth including in the spec. This
 > is what I meant at that time.

I suggest two additional "standard" combiners other than
GLOBAL-DENY:

  AT-LEAST-ONE-PERMIT

     Permit if at least one policy in the policy set or rule in
     the rule set returns an effect of "permit" (similar to a
     logical OR).

  ALL-APPLICABLE-PERMIT

     Permit only if all applicable rules or policies return an
     effect of "permit" (similar to a logical AND).

Anne
-- 
Anne H. Anderson             Email: Anne.Anderson@Sun.COM
Sun Microsystems Laboratories
1 Network Drive,UBUR02-311     Tel: 781/442-0928
Burlington, MA 01803-0902 USA  Fax: 781/442-1692


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Powered by eList eXpress LLC