Subject: Re: [xacml] IIC012: syntax-error or processing-error?
On Wed, Dec 04, 2002 at 10:37:53AM -0500, Polar Humenn wrote:
> "If an error occurs while evaluating the target of a policy, or a
> reference to a policy is considered invalid or the policy evaluation
> results in "Indeterminate", then the policy set SHALL evaluate to
> "Indeterminate"."

By my reading, this only covers some of the cases. I see three reasons for an error in the quoted text:

1. An error occurs while evaluating the target of a policy
2. A reference to a policy is considered invalid
3. Policy evaluation returns Indeterminate

Reasons 1 and 3 refer to policies that have been successfully parsed by the PDP. If the policy is invalid, then we [1] won't try target evaluation, and we won't get an error on policy evaluation. That leaves reason 2, which I believe only refers to a PolicyIdReference or a PolicySetIdReference.

So, my original comments about run-time retrieval still apply. If I have a module in my PDP which lets me, for example, talk to an LDAP service to get policies, and a request comes in that applies to one and only one policy in the directory, but that policy is invalid, what should I do? The quoted text does not say anything about this case. I may choose to say I couldn't find any valid policies, so I return NA, or I could say I found an invalid policy, and return SyntaxError. It may be that case 2 is supposed to apply to this problem as well, in which case I think the text should be re-worked to make that clearer.

In any case, I certainly agree with you that there are several scenarios where it is up to the implementor what to do. I think you explained that clearly in your last email, so I won't repeat any of it here :)

seth

[1] Where "we" is Polar, me, and anyone else who is throwing out invalid policies before evaluation
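
The two outcomes weighed in this message for a policy that fails to parse at run-time retrieval, as an added Python example (not part of the original message and not any PDP's own code). The in-memory directory keyed by resource, the simplified `Policy` element, the deny-overrides combining and the `on_invalid` switch are assumptions made for illustration; the status URN is the XACML 1.0 syntax-error code.

```python
import xml.etree.ElementTree as ET

SYNTAX_ERROR = "urn:oasis:names:tc:xacml:1.0:status:syntax-error"

# Constructed stand-in for a policy directory (e.g. LDAP), keyed by the
# resource each entry is filed under. The <Policy> element is a toy,
# not the real XACML schema.
DIRECTORY = {
    "/reports": ['<Policy PolicyId="p1" Effect="Permit"/>'],
    "/payroll": ['<Policy PolicyId="p2" Effect="Permit">'],  # unclosed element
}


def load_policy(raw):
    """Parse one retrieved document; raise ValueError if it is unusable."""
    try:
        root = ET.fromstring(raw)
    except ET.ParseError as exc:
        raise ValueError(f"malformed policy: {exc}") from exc
    if root.tag != "Policy" or root.get("Effect") not in ("Permit", "Deny"):
        raise ValueError("not a usable policy")
    return root


def evaluate(resource, directory, on_invalid="indeterminate"):
    """Return (decision, status_code) for a request on `resource`.

    on_invalid="indeterminate": report the invalid policy to the caller.
    on_invalid="skip": drop it silently, as if it had never been found.
    """
    valid, invalid = [], 0
    for raw in directory.get(resource, []):
        try:
            valid.append(load_policy(raw))
        except ValueError:
            invalid += 1
    if invalid and on_invalid == "indeterminate":
        return ("Indeterminate", SYNTAX_ERROR)
    if not valid:
        return ("NotApplicable", None)
    # Toy deny-overrides combining over the policies that did parse.
    effects = {p.get("Effect") for p in valid}
    return ("Deny" if "Deny" in effects else "Permit", None)


if __name__ == "__main__":
    for mode in ("indeterminate", "skip"):
        print(mode, evaluate("/payroll", DIRECTORY, on_invalid=mode))
```

With `skip`, a request covered only by the broken entry is indistinguishable from one that no policy covers, so the PEP's handling of NotApplicable decides the outcome.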