RE: [xacml] Proposed semantics for operations involving INDETERMI NATE

[Polar Humenn <polar@syr.edu>]

On Tue, 23 Jul 2002, Daniel Engovatov wrote:

> What is important: for the same policy, with the same data available -
> decision should be deterministic, not dependent on the rule order.
> And that should be part of the policy model reflected in the standard
> - we are writing a portable policy lanaguage, not just an XML schema,
> and I believe this has to be addressed clearly.  It would not be a
> good standard if two PDP deliver different result for the same policy
> based on interpretation of what is an operational error, and what
> order rules have to be evaluated.

Operational errors at the things that a client of the PDP, e.g. a PEP, can
determine to be an operational error with the interface, such as
communication errors with the PDP, or some badly formed response from the
PDP.

The client shouldn't know what the operational errors of the PDP actually
are. It it does, it breaks encapsulation of the PDP, and causes the
clients of a PDP to worry about a lot more than Access Decisions, but also
problems with the PDP.

You say that the same policy, with the same data available, the decision
should be determinisic. Well, so far it is. It's when some data is not
available at one point, and not available at the other point. But now, I'm
having trouble with your meaning of "available".

What do you do when you say that Principal Alice must have Attribute
"Driver's License" is "New York State", and she doesn't have or produce
her driver's license? Is that an operational error?
It depends, on A) whether she didn't produce a Driver's License Attribute
               B) whether she actually has a Driver's License Attribute
               C) whether the DMV was open at the time of evaluation.

I personally would like to restrict the policy to only evaluate the
evidence in the Context, and therefore all data is considered available.
Then there is no question, and no Errors.

-Polar