OASIS eXtensible Access Control Markup Language (XACML) TC

 View Only

Policy reference evaluation

  • 1.  Policy reference evaluation

    Posted 09-27-2008 15:06
    All,
    
    I'm working through all the small fixes to the issues posted on the 
    comments list. When I was to define error behavior for circular policy 
    references, I could not find any section on policy reference evaluation 
    at all, so I am adding this:
    
    --8<--
    7.12 PolicySetIdReference and PolicyIdReference evaluation
    
    A policy set id reference or a policy id reference is evaluated by 
    resolving the reference and evaluating the referenced policy set or policy.
    
    If resolving the reference fails, the reference evaluates to 
    “Indeterminate” with status code 
    urn:oasis:names:tc:xacml:1.0:status:processing-error.
    
    A policy set id reference or a policy id reference containing circular 
    references is invalid. The PDP MUST detect circular references either at 
    policy loading time or during runtime evaluation. If the PDP detects a 
    circular reference during runtime the reference evaluates to 
    “Indeterminate” with status code 
    urn:oasis:names:tc:xacml:1.0:status:processing-error.
    --8<--
    
    Regads,
    Erik