[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: A single tree?
In 7.2 Base Policy the last paragraph states: In the case of a PDP that retrieves policies according to the decision request that it is processing, the base policy SHALL contain a <Policy> Element containing a <Target> element that matches every possible decision request and a PolicyCOmbiningAlgId attribute with the value of "Only-one-applicable". In other words, the PDP SHALL return an error if it retrieves policies that do not form a single tree. I'm pretty sure what I this is trying to say is that this PDP thingy, of which we have no management interfaces for, no configurational specification of, is supposed to operate in such a way that it is forced store its policies in such a way that the PDP forced to retrieve only a single <Policy> or <PolicySet> per any decision request it may come across. I may or may not choose to implement a PDP in such a fashion. Since PDP doesn't have to store or "retrieve" its policies in XML. I may configure it differently, say it follows a majority strategy for retrieving several applicable policies to the decision request. However, above, in the text, what I think needs to be corrected is that this "base" policy should contain a <PolicySet> (not a <Policy>) as the PDP is retrieving "policies", which I assume are either <Policy> or <PolicySet> items. I assume it's not retrieving rules. The last statement I don't understand. What is a "single tree"? I think this statement would be better and more clearly stated as, "In other words, the PDP SHALL return an error if it retrieves more than one policy for any decision request." Cheers, -Polar
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]