[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [xacml] Rule References
On 5 June, Polar Humenn writes: [xacml] Rule References > Once rules incorporated referenced from outside the policy, it becomes > unwieldy, as you cannot specify the evaluation semantics of a policy in > the face of dynamically updating outside rules. > > Rules can change dynamically underneath the URI. I don't like this. This is identical to the current situation with a PolicySet. The policies included via <PolicySetIdReference> and <PolicyIdReference> can "change dynamically underneath the URI". I see this as a big plus. In my organization, I want various functional units (Legal, HR, Financial, Public Policy, etc.) to be able to define their own policies, whether these are in the form of <PolicySet>, <Policy>, or <Rule> elements, and I want to be able to construct operating policies that include those policies by reference. I want my operating policies to pick up the latest version of each referenced policy, and I don't want to have to change every operating policy each time a corporate functional entity tweaks the policies relating to their particular purview. Currently, I find I keep creating a <Policy> solely because I need a <Rule>. The <Policy> element serves only to be a <Rule> wrapper that allows the <Rule> to be referenced from a <PolicySet>. This is a workaround, but it means the resulting policies are much wordier than necessary. Anne -- Anne H. Anderson Email: Anne.Anderson@Sun.COM Sun Microsystems Laboratories 1 Network Drive,UBUR02-311 Tel: 781/442-0928 Burlington, MA 01803-0902 USA Fax: 781/442-1692
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]