[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: RE: [xacml] pdp status element
That's
definitly a very useful behaviour, which probably should be made default, and
mandatory to implement.
But I
do not think we should unnecesseraly limit the protocol to accomodate only for
this usage. All
these
issues may be solved at PEP level just as well - it is up to an application to
interpret each possible result.
For
example for credentials foo = 1 and spam = 0 two rules.
and
policy
<
permit
if (divide foo spam) > 1
permit
if foo > 0
>
it
does not seems absolutely clear to me that the result should be DENY (or PERMIT
as well - there are may be choices..)
|
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC