[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Subject: RE: [xacml] Function Completeness
>As I was saying, I am looking at functional completeness. I see a >deficiency in things you can say, which makes coverage of the language >incomplete. In the MatchId? Why our languge should be "complete" in the MatchId? MatchId is not for making authorization decisions. It is for selecting applicable rules. - Different purpose - different semantics. In your example - if you do not want to permit a person over 250lb to jump a parachute, as its reserve is TSO'd to 250lb - you write it in condition. permit(anysubject, parachute, jump) if (integer-greater 250 subject:weight) You suggest: permit(subject with (not (integer-greater weigth 250)), parachute, jump) if true; It has no advantage over the previous expression - logically equivalent but a disadvantage of messing up simple target matching semantics. > Use cases may serve as a set of requirments to satisfy, but they do not > cover the entire space of use cases. You certainly do not produce every > use case you may envision. It does not mean that we have to put in every possible feature - just in case. For each feature there should be at least one requirement. Remember the KISS priciple, and an older one: "Pluralitas non est ponenda sine neccesitate" Regards, Daniel;
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]
Powered by eList eXpress LLC