OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Subject: Re: [xacml] Style modifications to combining algorithms


i like this. following your lead, i assume that policy set resolution would read Decision PolicySet(Policy policy[])...?

b

Tim Moses wrote:
> Colleagues - Does anyone object to the following style changes to the 
> combining algorithm definitions?  They are intended solely for achieving 
> better consistency with the remainder of the document.
> 
> 1. The name of the function is "Policy", rather than 
> "denyOverridesRuleCombiningAlgorithm", etc..  This is because we talk 
> about evaluating a "Policy", rather than evaluating the combining algorithm.
> 
> 2. The name of the array of rules is singular, i.e. rule[i].  This is 
> because we have an element called "Rule", rather than "Rules".
> 
> 3. The name of the Effect function is "effect(rule[i])" instead of 
> "effectOf(rule[i])".  This is because we have an element called 
> "Effect", rather than EffectOf.
> 
> Here is the resulting definition.  All the best.  Tim.
> 
> Decision Policy(Rule rule[])
> {
>         Boolean atLeastOneError  = false;
>         Boolean potentialDeny    = false;
>         Boolean atLeastOnePermit = false;
>         for( i=0 ; i < lengthOf(rules) ; i++ )
>         {
>                 Decision decision = evaluate(rule[i]);
>                 if (decision == Deny)
>                 {
>                         return Deny;
>                 }
>                 if (decision == Permit)
>                 {
>                         atLeastOnePermit = true;
>                         continue;
>                 }
>                 if (decision == NotApplicable)
>                 {
>                         continue;
>                 }
>                 if (decision == Indeterminate)
>                 {
>                         atLeastOneError = true;
> 
>                         if (effect(rule[i]) == Deny)
>                         {
>                                 potentialDeny = true;
>                         }
>                         continue;
>                 }
>         }
>         if (potentialDeny)
>         {
>                 return Indeterminate;
>         }
>         if (atLeastOnePermit)
>         {
>                 return Permit;
>         }
>         if (atLeastOneError)
>         {
>                 return Indeterminate;
>         }
>         return NotApplicable;
> }
> 
> -----------------------------------------
> Tim Moses
> Tel: 613.270.3183
> 



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


Powered by eList eXpress LLC