OASIS Mailing List Archives

xacml message



Subject: A single tree?



In 7.2 Base Policy the last paragraph states:

In the case of a PDP that retrieves policies according to the decision
request that it is processing, the base policy SHALL contain a <Policy>
Element containing a <Target> element that matches every possible
decision request and a PolicyCombiningAlgId attribute with the value of
"Only-one-applicable". In other words, the PDP SHALL return an error if it
retrieves policies that do not form a single tree.

I'm pretty sure what this is trying to say is that this PDP thingy, for
which we have no management interfaces and no configurational
specification, is supposed to operate in such a way that it is forced to
store its policies in such a way that the PDP is forced to retrieve only a
single <Policy> or <PolicySet> per any decision request it may come
across.

I may or may not choose to implement a PDP in such a fashion, since a PDP
doesn't have to store or "retrieve" its policies in XML. I may configure
it differently, say it follows a majority strategy for retrieving several
applicable policies to the decision request.

However, above, in the text, what I think needs to be corrected is that
this "base" policy should contain a <PolicySet> (not a <Policy>) as the
PDP is retrieving "policies", which I assume are either <Policy> or
<PolicySet> items. I assume it's not retrieving rules.

The last statement I don't understand. What is a "single tree"?

I think this statement would be better and more clearly stated as,

"In other words, the PDP SHALL return an error if it retrieves more than
one policy for any decision request."

Cheers,
-Polar
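
Added example (not part of the original message or of the XACML specification): a minimal model of the "Only-one-applicable" combining behaviour that the quoted paragraph from 7.2 relies on, showing that a retrieval which yields more than one applicable policy produces an error (Indeterminate) result. The `Policy` class, the attribute-dictionary targets, the fixed per-policy effect and the sample store are assumptions made for illustration.

```python
# Added illustration: a simplified model, not the XACML schema or any PDP's code.
from dataclasses import dataclass, field

PERMIT, DENY = "Permit", "Deny"
NOT_APPLICABLE, INDETERMINATE = "NotApplicable", "Indeterminate"


@dataclass
class Policy:
    policy_id: str
    effect: str                                  # assumed fixed decision when the policy applies
    target: dict = field(default_factory=dict)   # empty target matches every request

    def matches(self, request: dict) -> bool:
        # A target matches when every attribute it names has the required value.
        return all(request.get(k) == v for k, v in self.target.items())


def only_one_applicable(retrieved: list, request: dict) -> tuple:
    """Combine retrieved policies as an all-matching base policy would."""
    applicable = [p for p in retrieved if p.matches(request)]
    if not applicable:
        return NOT_APPLICABLE, []
    if len(applicable) > 1:
        # The error case from the quoted paragraph: more than one policy applies.
        return INDETERMINATE, [p.policy_id for p in applicable]
    return applicable[0].effect, [applicable[0].policy_id]


# Constructed sample policy store (hypothetical identifiers and attributes).
STORE = [
    Policy("doctors-read", PERMIT, {"role": "doctor", "action": "read"}),
    Policy("no-deletes", DENY, {"action": "delete"}),
    Policy("doctors-all", PERMIT, {"role": "doctor"}),
]

if __name__ == "__main__":
    for req in (
        {"role": "nurse", "action": "delete"},   # exactly one policy applies
        {"role": "doctor", "action": "read"},    # two policies apply -> error
        {"role": "nurse", "action": "read"},     # no policy applies
    ):
        print(req, "->", only_one_applicable(STORE, req))
```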


