RE: [xacml] Updated policy template wiki

["Sinnema, Remon" <remon.sinnema@emc.com>]

Hi Jean-Paul,


> -----Original Message-----
> From: xacml@lists.oasis-open.org [mailto:xacml@lists.oasis-open.org] On
> Behalf Of Jean-Paul Buu-Sao
> Sent: Wednesday, October 10, 2012 9:46 AM
> To: Erik Rissanen; Steven Legg
> Cc: Danny Thorpe; xacml@lists.oasis-open.org
> Subject: RE: [xacml] Updated policy template wiki
> 
> 1a) I have a very large number of policies (say, N > 10000) that are all
> identical, except for the constant values that contain in their access
rules.
> Every single one of these policies has a unique identity.
> 1b) We build one template which, given the correct dataset, can produce
the
> same N policy instances
> 
> Let now introduce the modality. There are two use-cases:
> 
> 2a) The policy authority uses the template mechanism to ease the
> production of the N policy instances, which are all produced before being
> distributed for execution. Organizations implementing the policy do not
see
> the policy template, only the N policy instances
> 2b) The policy authority distributes the its policy template to
organizations.
> Each organization need to supply n policy data (n is a small number,
typically
> between 1 and 100) which, combined with the policy template, produces n
> policy instances
> 
> The "iteration" can occur on either 2a or 2b (i.e. iterate through N
policy data,
> or through n policy data). Objective is to produce the N or n policy
instances.

I'm still confused.

What do N and n represent? Is the "policy data" in "N policy data" and "n
policy data" the same? If not, then please use different terms. Also,
something more specific than "data" would help me.


Thanks,
Ray

Attachment: smime.p7s
Description: S/MIME cryptographic signature