[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Re: [xacml] Generalizing on-permit-apply-second
Hi Ray, On 22/05/2013 5:31 PM, Sinnema, Remon wrote:
Hi Steven,-----Original Message----- From: email@example.com [mailto:firstname.lastname@example.org] On Behalf Of Steven Legg Sent: Wednesday, May 22, 2013 9:11 AM To: Erik Rissanen Cc: Bill Parducci; email@example.com Subject: Re: [xacml] Generalizing on-permit-apply-second It means a bit more policy set wrapping, but is more robust and easier to follow.I don't agree with that statement. There is a reason most programming languages have a "switch" or "case" construct in addition to "if".
Yeah, but those languages have a syntax to introduce the various parts of the construct. All we have in a policy set is a list of policies and policy sets (and references to same). The part each plays in the "switch" construct is solely determined by position. Go to any policy in a big policy set and you won't know what part it plays except by counting back to the beginning. At least with nested on-permit-apply-second one only needs to count to three at most. We're also talking about something more general that a switch or case because we are applying a test at each second policy. It's more like: if condition A policy set 2 else if Condition B policy set 4 else if Condition C policy set 6 ... else policy set N than switch (condition) case 1: policy set 2 case 2: policy set 4 case 3: policy set 6 ... default: policy set N Regards, Steven