[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: follow-up on yesterday's "decision on C" vs B[i] discussion
-------- Original Message --------
It is a new class of problem. I can see a few
different approaches, but they should all be considered after 3.0.
1. Add a "decision-combining algorithm" mechanism,
whereby the Request can ask for a single decision on one resource,
based on several decisions about other resources. (It is coincidental
and irrelevant that in this case, the sub-decisions are about children
of the main resource.)
2. Implement a variable-binding mechanism to allow
values from the request context to be passed to the xpath evaluator.
3. Generalize/modify access-permitted function to
handle this case. This might be the place to put decision-combining
algorithm.
4. Specify an ordered aggregate data type ("List")
and possibly some additional functions (such as lisp "apply"). This
would allow policy writer to use ordered lists of Building/Owner and
Building/Price nodes to evaluate the properties of each Building.
I believe the access-permitted function has the
greatest possibilities, not only for this use case but for many
others. I'm sure there are implementation challenges in recursive
policy evaluation, though.
--Paul
|
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]