OASIS eXtensible Access Control Markup Language (XACML) TC

 View Only

RE: [xacml] [CR] Add Default-deny policy combination algorithm

  • 1.  RE: [xacml] [CR] Add Default-deny policy combination algorithm

    Posted 08-23-2002 14:15
    I accept this solution. Thanks! I now cancel my [CR} for Default-Deny combining algorithm. Anne On 22 August, Polar Humenn writes: RE: [xacml] [CR] Add Default-deny policy combination algorithm > From: Polar Humenn <polar@syr.edu> > To: Daniel Engovatov <dengovatov@crosslogix.com> > Subject: RE: [xacml] [CR] Add Default-deny policy combination algorithm > Date: Thu, 22 Aug 2002 15:57:55 -0400 (EDT) > > > > For this simplistic case, probably nothing. > > But don't get into minimal normal form arguments with me! :) > > Default-Deny can be taken care of with combination of a FirstApplicable > combination of a Deny-Overrides combination as the first element, and a > applicable policy stating Deny as the second (i.e. last) element. > > On Thu, 22 Aug 2002, Daniel Engovatov wrote: > > > ---- > > Default-Permit > > { > > Role is "Salesman" - Deny > > } > > > > What's so unnecessary about that? > > > > -Polar > > ----- > > > > > > What will be the difference from > > > > default-deny > > { > > Role != "Salesman" - Permit > > } > > > > -- Anne H. Anderson Email: Anne.Anderson@Sun.COM Sun Microsystems Laboratories 1 Network Drive,UBUR02-311 Tel: 781/442-0928 Burlington, MA 01803-0902 USA Fax: 781/442-1692