[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [xacml] Comment on issue 8? "choice element" or "Policy w no Rules"
Erik, From: firstname.lastname@example.org [mailto:email@example.com] On Behalf Of Erik Rissanen Sent: Friday, February 24, 2012 10:12 AM To: firstname.lastname@example.org Subject: Re: [xacml] Comment on issue 8? "choice element" or "Policy w no Rules" > The current table looks like this: > > Target Rule values Policy Value > “Match” Don’t care Specified by the rule-combining algorithm > “No-match” Don’t care “NotApplicable” > “Indeterminate” See Table 7 See Table 7 > > The change was introduced in wd 20 in order to make sure the new combining algorithms were always > invoked. It would be confusing if a policy with permit-unless-deny could return not-applicable since > this algorithm was specifically introduced to guarantee that N/A or Indeterminate are never returned. Granted, but it's more confusing to me that a Policy without any Rules has any impact on the decision at all. BTW, section 3.3, Policy Language Model, states that a Policy should have 1..* Rules. Oddly, this section states that a PolicySet should have 0..* Policies. Thanks, Ray