OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

xacml message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


Subject: Re: [xacml] Question of the AnyOf - AllOf construct


Hi Jean-Paul,

You forgot to look at the meaning of the <Target/> element itself which - according to the spec - behaves as an AND (AllOf). So in fact, a target lets you express: AllOf(AnyOf(Allof())

Quote: The <Target> element SHALL contain a conjunctive sequence of <AnyOf> elements

I hope this helps,
David.

On Tue, Oct 30, 2012 at 2:03 PM, Jean-Paul Buu-Sao <jean-paul.buu-sao@tscp.org> wrote:

Greetings

 

I see that the XACML 3.0 Policy Language model defines that Target has AnyOf elements, which have AllOf elements. There are cases however where one more to express Target having AllOf elements, which have AnyOf elements. I am aware that one form can be rewritten using the other form, although at the cost of a more verbose _expression_.

 

“AnyOf – AllOf” (supported)

Expresses (a1 && a2) || (b1 && b2)

 

“All-Of – AnyOf” (not supported)

Expresses (a1 || a2) && (b1 || b2)

 

For example, the _expression_ (a1 || a2) && (b1 || b2) using the “AnyOf – AllOf” would be rewritten as (a1 && b1) || (a1 && b2) || (a2 && b1) || (a2 && b2)

 

My question is: is there a reason why “All-Of – AnyOf” was not considered (in addition to “AnyOf – AllOf”), so to make the language model more flexible? Was it because we wanted a canonical representation to reduce equivalences?

 

Thanks,

Jean-Paul Buu-Sao

 




--
David Brossard, M.Eng, SCEA, CSTP
Product Manager
+46(0)760 25 85 75
Axiomatics AB
Skeppsbron 40
S-111 30 Stockholm, Sweden
http://www.linkedin.com/companies/536082
http://www.axiomatics.com
http://twitter.com/axiomatics



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]