[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: Re: [xacml] Style modifications to combining algorithms
i like this. following your lead, i assume that policy set resolution would read Decision PolicySet(Policy policy[])...? b Tim Moses wrote: > Colleagues - Does anyone object to the following style changes to the > combining algorithm definitions? They are intended solely for achieving > better consistency with the remainder of the document. > > 1. The name of the function is "Policy", rather than > "denyOverridesRuleCombiningAlgorithm", etc.. This is because we talk > about evaluating a "Policy", rather than evaluating the combining algorithm. > > 2. The name of the array of rules is singular, i.e. rule[i]. This is > because we have an element called "Rule", rather than "Rules". > > 3. The name of the Effect function is "effect(rule[i])" instead of > "effectOf(rule[i])". This is because we have an element called > "Effect", rather than EffectOf. > > Here is the resulting definition. All the best. Tim. > > Decision Policy(Rule rule[]) > { > Boolean atLeastOneError = false; > Boolean potentialDeny = false; > Boolean atLeastOnePermit = false; > for( i=0 ; i < lengthOf(rules) ; i++ ) > { > Decision decision = evaluate(rule[i]); > if (decision == Deny) > { > return Deny; > } > if (decision == Permit) > { > atLeastOnePermit = true; > continue; > } > if (decision == NotApplicable) > { > continue; > } > if (decision == Indeterminate) > { > atLeastOneError = true; > > if (effect(rule[i]) == Deny) > { > potentialDeny = true; > } > continue; > } > } > if (potentialDeny) > { > return Indeterminate; > } > if (atLeastOnePermit) > { > return Permit; > } > if (atLeastOneError) > { > return Indeterminate; > } > return NotApplicable; > } > > ----------------------------------------- > Tim Moses > Tel: 613.270.3183 >
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC