[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Generalization
Colleagues - Response to a couple of questions raised during our discussion of this topic in Thursday's telecon. All discussion is relative to rules combined into a policy; policies combined into a policyset behave analogously. 1. Daniel asked about non-applicable rules. These do not contribute any obligations to the combination. If none of the rules contribute obligations, then the policy value is null. 2. Polar said that an alternative approach would be to leave Effect values undefined in the core and allow extensions to define suitable values. This is definitely a possibility. I prefer the approach that I described for two reasons. a. It treats the obligation as the principal result. It is the more general concept. Effect, which is relevant only to access control, is set by an obligation. b. It simplifies combining algorithms. The obligations associated with an Indeterminate result are explicitly stated in the policy, and the combining algorithm handles obligations independent of the rule values that gave rise to them. Of course, this approach would cause us to make Obligations a mandatory part of the standard. But, nothing in this approach infringes on IBM's patent. All the best. Tim. ----------------------------------------------------------------- Tim Moses 613.270.3183
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]