On 31 January, bill parducci writes: Re: [xacml] Re: Boolean Policy resolution > conversely you have the example: > > your dept wants to make sure that requirements of corporate AND > department are met before allowing access. someone at corporate enters a > typo that causes the policy to return 'not applicable'. user granted > access even though they would have been denied such access had the > policy been written correctly. A typo could also cause a policy to return false or true incorrectly. I think we have to assume that policies are written correctly. Where we can think of ways to make it more likely that a policy will be written correctly, however, then by all means let's use them. I don't think this is one of those ways, however. Anne -- Anne H. Anderson Email:
Anne.Anderson@Sun.COM Sun Microsystems Laboratories 1 Network Drive,UBUR02-311 Tel: 781/442-0928 Burlington, MA 01803-0902 USA Fax: 781/442-1692