Re: [xdi] XDI TC Notes Unofficial Telecon Friday 2015-10-05

["=Drummond Reed" <drummond@respect.network>]

I agree that Peter has a great point, and also with Phil that we don't need to reinvent anything XACML has already figured out. I do think we should adapt to XDI, simply because the XML and XDI graph models are different, but ideally that's not hard.

In any case, the next step is to investigate the XACML model closely. Peter, any links to good resources that can help us analyze it quickly (besides just going straight to the specs)?

On Thu, Oct 8, 2015 at 12:16 PM, Phillip J. Windley <phil@windley.org> wrote:

There’s no need to reinvent the wheel. XACML has already been down this road (as have other policy standard activities). We ought to take what works and use it.

> On Oct 8, 2015, at 2:08 PM, Davis, Peter <Peter.Davis@neustar.biz> wrote:
>
> On Oct 7, 2015, at 1:07 AM, =Drummond Reed <drummond@respect.network> wrote:
>>
>>      • The first policy to result to evaluate to true wins.
>
> I don't think this is always the case. For example, in XACML, the policy set can have several rule combining outcomes:
>
> - Deny-overrides (Ordered and Unordered),
> - Permit-overrides (Ordered and Unordered),
> - First-applicable and
> - Only one applicable
>
> you describe the "permit overrides" form, but, in my experience, "deny-overrides" is more common
>
> =peterd
>
>