All,
I'm working through all the small fixes to the issues posted on the
comments list. When I was to define error behavior for circular policy
references, I could not find any section on policy reference evaluation
at all, so I am adding this:
--8<--
7.12 PolicySetIdReference and PolicyIdReference evaluation
A policy set id reference or a policy id reference is evaluated by
resolving the reference and evaluating the referenced policy set or policy.
If resolving the reference fails, the reference evaluates to
“Indeterminate” with status code
urn:oasis:names:tc:xacml:1.0:status:processing-error.
A policy set id reference or a policy id reference containing circular
references is invalid. The PDP MUST detect circular references either at
policy loading time or during runtime evaluation. If the PDP detects a
circular reference during runtime the reference evaluates to
“Indeterminate” with status code
urn:oasis:names:tc:xacml:1.0:status:processing-error.
--8<--
Regads,
Erik