[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: PolicySetIdReference Questions
During a collaboration session with the TCG IF-MAP working group a question regarding the language in the XACML core specification came up that I was unable to answer and agreed to bring to the XACML TC for clarification.
In section 5.10 Element <PolicySetIdReference> of the xacml-3.0-core-spec-en; starting at line 1973 "In the case that more than one matching version can be obtained, then the most recent one SHOULD be used."
In the case where there are two or more PolicySets that have the same PolicySetId value and the same version value:
1.) Can it be guaranteed that the “most recent” will always be selected?
2.) How is the “most recent” selected (e.g. by date-time, largest Version value, etc)?
3.) Does “SHOULD” (RFC2119) mean that the PEP cannot assume that the “most recent” will be selected?
4.) Can the PEP assume that the PDP will at least select consistently, changing its selection when a version of the Policy/PolicySet is added or removed?
In the case where there are two or more PolicySets that have the same PolicySetId value but different version values how would these questions (1 – 4 above) be answered?