On 22 August, Polar Humenn writes: Re: [xacml] [CR] Add Default-deny policy combination algorithm > If we add that, we should probably add the analogous "Default-permit" > algorithm as well to keep it semmetric. Default-deny is needed to prevent security breaches, such as having web services interpret NotApplicable as "Permit", where this is not the intent. Default-permit might be nice for symmetry, but it is not necessary. Anne -- Anne H. Anderson Email:
Anne.Anderson@Sun.COM Sun Microsystems Laboratories 1 Network Drive,UBUR02-311 Tel: 781/442-0928 Burlington, MA 01803-0902 USA Fax: 781/442-1692