MHonArc v2.5.0b2 -->
xacml message
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [List Home]
Subject: Permit-Overrides PolicyCombiningAlg
According to XACML 2.0 Appendix C.3 Permit-overrides, if the set of
policy values being combined consists of Indeterminates and Denies, then
the result is Deny.
This seems inconsistent with the intent of "Permit-overrides". Had no
error occurred, one of the Indeterminate policies might have been a
Permit, and then the result would have been Permit. Why are we treating
an unknown that might have been a Permit as a Deny?
Regards,
Anne
--
Anne H. Anderson Email: Anne.Anderson@Sun.COM
Sun Microsystems Laboratories
1 Network Drive,UBUR02-311 Tel: 781/442-0928
Burlington, MA 01803-0902 USA Fax: 781/442-1692
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [List Home]