OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: Re: [xacml] IIC012: syntax-error or processing-error?

Daniel Engovatov wrote:
> I would think it is the syntax-error.  There is nothing wrong about
> reporting an incorrectly formed policy and nothing sacred about type
> incorrectness.  This is what status codes are for.

this is my thinking as well. 

it seems to me that this conversation ties back into the 'run-time' type checking discussion: on the one hand polar seems to be saying that he will have determined policy malformedness prior to the decision processs, while anne & seth are talking about those cases whereby a problem is discovered during the decision process. 

if this is true, then in the former case--polar's scenario--the situation of having a problem processing a policy would only likely be the result of some internal misfiring (PAP/PRP <--> PDP miscommunication, etc.) and i would think that this would most assuredly warrant an error code of some sort with an INDETERMINATE decision. the case of the policy being written properly would not occur, so the response in that case is moot.

the latter case--anne & seth's--could arise under similar circumstances as well as by run-time checking issues (poorly written policies). as pointed out in this thread this would warrant an INDETERMINATE result with an error code.

in both cases i think that the decision is clearly *not* NOTAPPLICABLE because the decision making process has begun using a policy that is undigestible (or in the case of polar's case, attempting to evaluate a policy that has be rendered inoperable by some unplanned event). otherwise, how does the PDP differentiate between a happily functioning system and one that has, say acess control rights, network issues, etc. with the policy repository? 

b


> 
> Does your language interpreter or compiler just die in silence if there is a
> typo in the code? 
> 
> 
> D;
> 
> -----Original Message-----
> From: Polar Humenn
> To: Anne Anderson
> Cc: XACML TC
> Sent: 12/4/02 6:06 AM
> Subject: Re: [xacml] IIC012: syntax-error or processing-error?
> 
> 
> This is the same problem as D024. This policy is not well formed. It is
> type incorrect. There should be no status code, because it should not
> even
> be hinted at that it should be evaluated.
> 
> Cheers,
> -Polar
> 
> On Wed, 4 Dec 2002, Anne Anderson wrote:
> 
> 
>>Conformance Test IIC012 is intended to test for the error case in
>>which a Condition FunctionId uses a function that does not return
>>a Boolean result.  The <Condition is:
>>
>>        <Condition
> 
> FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-subtract">
> 
>>            <Apply
> 
> FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-one-and-only">
> 
>>                <SubjectAttributeDesignator
>>
> 
> AttributeId="urn:oasis:names:tc:xacml:1.0:conformance-test:age"
> 
> DataType="http://www.w3.org/2001/XMLSchema#integer"/>
> 
>>            </Apply>
>>            <Apply
> 
> FunctionId="urn:oasis:names:tc:xacml:1.0:function:integer-one-and-only">
> 
>>                <EnvironmentAttributeDesignator
>>
> 
> AttributeId="urn:oasis:names:tc:xacml:1.0:conformance-test:bart-simpson-
> age"
> 
> DataType="http://www.w3.org/2001/XMLSchema#integer"/>
> 
>>            </Apply>
>>        </Condition>
>>
>>Question: should the StatusCode Value from evaluating this Policy
>>be "urn:...:status:syntax-error" (since it is a type error), or
>>"urn:...:status:processing-error"?
>>
>>I'm leaning toward syntax-error.  What do others think?
>>
>>Anne
>>--
>>Anne H. Anderson             Email: Anne.Anderson@Sun.COM
>>Sun Microsystems Laboratories
>>1 Network Drive,UBUR02-311     Tel: 781/442-0928
>>Burlington, MA 01803-0902 USA  Fax: 781/442-1692
>>
>>
>>----------------------------------------------------------------
>>To subscribe or unsubscribe from this elist use the subscription
>>manager: <http://lists.oasis-open.org/ob/adm.pl>
>>
> 
> 
> ----------------------------------------------------------------
> To subscribe or unsubscribe from this elist use the subscription
> manager: <http://lists.oasis-open.org/ob/adm.pl>
> 
> ----------------------------------------------------------------
> To subscribe or unsubscribe from this elist use the subscription
> manager: <http://lists.oasis-open.org/ob/adm.pl>

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC