
Subject: Re: [xacml] Generalizing on-permit-apply-second

Hi Ray,

On 22/05/2013 5:31 PM, Sinnema, Remon wrote:
> Hi Steven,
>
> -----Original Message-----
> From: xacml@lists.oasis-open.org [mailto:xacml@lists.oasis-open.org] On Behalf Of Steven Legg
> Sent: Wednesday, May 22, 2013 9:11 AM
> To: Erik Rissanen
> Cc: Bill Parducci; xacml@lists.oasis-open.org
> Subject: Re: [xacml] Generalizing on-permit-apply-second
>
>> It means a bit more policy set wrapping, but is more robust and easier to follow.
>
> I don't agree with that statement. There is a reason most programming languages have a "switch" or "case" construct in addition to "if".

Yeah, but those languages have a syntax to introduce the various parts of
the construct. All we have in a policy set is a list of policies and policy sets
(and references to same). The part each plays in the "switch" construct is solely
determined by position. Go to any policy in a big policy set and you won't know
what part it plays except by counting back to the beginning. At least with
nested on-permit-apply-second one only needs to count to three at most.

We're also talking about something more general than a switch or case because
we are applying a test at each second policy.

It's more like:

    if condition A
        policy set 2
    else if Condition B
        policy set 4
    else if Condition C
        policy set 6
    else
        policy set N


    switch (condition)
    case 1: policy set 2
    case 2: policy set 4
    case 3: policy set 6
    default: policy set N
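
The two shapes compared in this message, as an added example that is not part of the original post or of any XACML specification text: a flat, position-driven chain and the same logic written as nested on-permit-apply-second. The decision constants, helper names and sample policies are assumptions, and Indeterminate handling is not modelled.

```python
# Added illustration: simplified model, Indeterminate results are not handled.
PERMIT, DENY, NA = "Permit", "Deny", "NotApplicable"

def evaluate(node, request):
    """A node is a callable leaf policy or a (combiner, children) pair."""
    if callable(node):
        return node(request)
    combiner, children = node
    return combiner(children, request)

def on_permit_apply_second(children, request):
    """Three-child form: test, policy applied on Permit, optional fallback."""
    if evaluate(children[0], request) == PERMIT:
        return evaluate(children[1], request)
    return evaluate(children[2], request) if len(children) > 2 else NA

def flat_chain(children, request):
    """Generalized form: a child's role is fixed by its position alone.
    Index 0, 2, 4... are tests, the child after each test is applied when
    that test permits, and a trailing unpaired child is the default."""
    i = 0
    while i + 1 < len(children):
        if evaluate(children[i], request) == PERMIT:
            return evaluate(children[i + 1], request)
        i += 2
    return evaluate(children[i], request) if i < len(children) else NA

def role_is(value):          # hypothetical test policy
    return lambda req: PERMIT if req.get("role") == value else NA

def fixed(decision):         # hypothetical policy set with a constant result
    return lambda req: decision

# Constructed sample policies matching the pseudocode above.
cond_a, set_2 = role_is("admin"), fixed(PERMIT)
cond_b, set_4 = role_is("auditor"), fixed(DENY)
cond_c, set_6 = role_is("guest"), fixed(PERMIT)
set_n = fixed(DENY)

FLAT = (flat_chain, [cond_a, set_2, cond_b, set_4, cond_c, set_6, set_n])
NESTED = (on_permit_apply_second, [cond_a, set_2,
          (on_permit_apply_second, [cond_b, set_4,
           (on_permit_apply_second, [cond_c, set_6, set_n])])])

def decide(tree, role):
    return evaluate(tree, {"role": role})
```

Both trees return the same decision for every request; the difference is that in `FLAT` the role of the fifth child can only be found by counting from the start, while each nested combiner has at most three children.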


