I sent mail yesterday about needing an xacml:DecisionType. After looking into the matter more, I believe more is needed. saml:DecisionType has three values: "Permit", "Deny", and "Indeterminate". We currently use some kind of "DecisionType" in the following situations: 1. The "Effect" attribute of a policy "Rule", as defined in "RuleType". The values here should be limited to "Permit" or "Deny" 2. The "FulfilOn" attribute of a policy "Obligation" as defined in "ObligationType". Again, here, the values should be limited to "Permit" or "Deny". 3. The "Effect" element of a response context Decision. Here, the values should be "Permit", "Deny", and at least one other value, which should be able to convey "Indeterminate", "Inapplicable", or other error type. Perhaps the one other value is "Indeterminate", and the Advice element then conveys whether the error is due to "Missing Information", "Inapplicable", etc. This would fit the saml DecisionType definition. Anne -- Anne H. Anderson Email:
Anne.Anderson@Sun.COM Sun Microsystems Laboratories 1 Network Drive,UBUR02-311 Tel: 781/442-0928 Burlington, MA 01803-0902 USA Fax: 781/442-1692