OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [xacml] Rule References

On 5 June, Polar Humenn writes: [xacml] Rule References
 > Once rules incorporated referenced from outside the policy, it becomes 
 > unwieldy, as you cannot specify the evaluation semantics of a policy in 
 > the face of dynamically updating outside rules.
 > Rules can change dynamically underneath the URI. I don't like this.

This is identical to the current situation with a PolicySet.  The
policies included via <PolicySetIdReference> and
<PolicyIdReference> can "change dynamically underneath the URI".

I see this as a big plus.  In my organization, I want various
functional units (Legal, HR, Financial, Public Policy, etc.) to
be able to define their own policies, whether these are in the
form of <PolicySet>, <Policy>, or <Rule> elements, and I want to
be able to construct operating policies that include those
policies by reference.  I want my operating policies to pick up
the latest version of each referenced policy, and I don't want to
have to change every operating policy each time a corporate
functional entity tweaks the policies relating to their
particular purview.

Currently, I find I keep creating a <Policy> solely because I
need a <Rule>.  The <Policy> element serves only to be a <Rule>
wrapper that allows the <Rule> to be referenced from a
<PolicySet>.  This is a workaround, but it means the resulting
policies are much wordier than necessary.

Anne H. Anderson             Email: Anne.Anderson@Sun.COM
Sun Microsystems Laboratories
1 Network Drive,UBUR02-311     Tel: 781/442-0928
Burlington, MA 01803-0902 USA  Fax: 781/442-1692

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]