
xacml message



Subject: Improved text for combining algorithms


All,

We have decided to update the descriptions of the combining algorithms 
since the textual descriptions were not correct.

I have made the following changes to my working copy of the next draft:

I added the text "Pseudo code is normative, descriptions in English are 
non-normative" in the beginning of appendix C.

For deny overrides rule combining I wrote:

-- 8< --
The following is a non-normative informative description of this 
combining algorithm.
The deny overrides rule combining algorithm is intended for those cases 
where a deny decision should have priority over a permit decision. This 
algorithm has the following behavior.
1.    If any rule evaluates to "Deny", the result is "Deny".
2.    Otherwise, if any rule having Effect="Deny" evaluates to 
"Indeterminate", the result is "Indeterminate".
3.    Otherwise, if any rule evaluates to "Permit", the result is "Permit".
4.    Otherwise, if any rule having Effect="Permit" evaluates to 
"Indeterminate", the result is "Indeterminate".
5.    Otherwise, the result is "NotApplicable".
-- 8< --

For deny overrides policy combining I wrote:

-- 8< --
The following is a non-normative informative description of this 
combining algorithm.
The deny overrides policy combining algorithm is intended for those 
cases where a deny decision should have priority over a permit decision. 
This algorithm has the following behavior.
1.    If any policy evaluates to "Deny", the result is "Deny".
2.    Otherwise, if any policy evaluates to "Indeterminate", the result 
is "Deny".
3.    Otherwise, if any policy evaluates to "Permit", the result is 
"Permit".
4.    Otherwise, the result is "NotApplicable".
-- 8< --


For permit overrides rule combining I wrote:

-- 8< --
The following is a non-normative informative description of this 
combining algorithm.
The permit overrides rule combining algorithm is intended for those 
cases where a permit decision should have priority over a deny decision. 
This algorithm has the following behavior.
1.    If any rule evaluates to "Permit", the result is "Permit".
2.    Otherwise, if any rule having Effect="Permit" evaluates to 
"Indeterminate", the result is "Indeterminate".
3.    Otherwise, if any rule evaluates to "Deny", the result is "Deny".
4.    Otherwise, if any rule having Effect="Deny" evaluates to 
"Indeterminate", the result is "Indeterminate".
5.    Otherwise, the result is "NotApplicable".
-- 8< --


For permit overrides policy combining I wrote:

-- 8< --
The following is a non-normative informative description of this 
combining algorithm.
The permit overrides policy combining algorithm is intended for those 
cases where a permit decision should have priority over a deny decision. 
This algorithm has the following behavior.
1.    If any policy evaluates to "Permit", the result is "Permit".
2.    Otherwise, if any policy evaluates to "Deny", the result is "Deny".
3.    Otherwise, if any policy evaluates to "Indeterminate", the result 
is "Indeterminate".
4.    Otherwise, the result is "NotApplicable".
-- 8< --

I did not change the pseudo code.

I did not change the other combining algorithms since I think the 
descriptions are ok for them.

Let me know of any errors/objections.

Regards,
Erik
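
Added example, not part of the original message or of the XACML specification: a Python sketch of the four non-normative English descriptions quoted above (the normative pseudo code of appendix C is not reproduced here). The function names and the (Effect, decision) tuple used to represent a rule result are assumptions made for illustration.

```python
PERMIT, DENY, INDET, NA = "Permit", "Deny", "Indeterminate", "NotApplicable"


def _rule_overrides(results, winner, loser):
    """Steps 1-5 of the rule-combining descriptions.

    results: iterable of (effect, decision) pairs, where effect is the rule's
    declared Effect and decision is what the rule evaluated to (assumed shape).
    """
    results = list(results)
    decisions = [d for _, d in results]

    def indet_with(effect):
        return any(e == effect and d == INDET for e, d in results)

    if winner in decisions:          # step 1
        return winner
    if indet_with(winner):           # step 2: the overriding effect might have applied
        return INDET
    if loser in decisions:           # step 3
        return loser
    if indet_with(loser):            # step 4
        return INDET
    return NA                        # step 5


def deny_overrides_rules(results):
    return _rule_overrides(results, DENY, PERMIT)


def permit_overrides_rules(results):
    return _rule_overrides(results, PERMIT, DENY)


def deny_overrides_policies(decisions):
    decisions = list(decisions)
    # Steps 1 and 2: an Indeterminate policy is treated as Deny (fail closed).
    if DENY in decisions or INDET in decisions:
        return DENY
    return PERMIT if PERMIT in decisions else NA


def permit_overrides_policies(decisions):
    decisions = list(decisions)
    # Permit first, then Deny, then Indeterminate; not a mirror of deny overrides.
    return next((d for d in (PERMIT, DENY, INDET) if d in decisions), NA)


if __name__ == "__main__":
    mixed = [INDET, PERMIT]  # constructed input: one policy errored, one permitted
    print(deny_overrides_policies(mixed), permit_overrides_policies(mixed))
```

The constructed input shows the asymmetry between the two policy-combining descriptions: the same pair of policy results yields "Deny" under deny overrides and "Permit" under permit overrides.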


