OASIS eXtensible Access Control Markup Language (XACML) TC

 View Only

Permit-Overrides PolicyCombiningAlg

  • 1.  Permit-Overrides PolicyCombiningAlg

    Posted 04-19-2006 15:46
     MHonArc v2.5.0b2 -->
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    

    xacml message

    [Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


    Subject: Permit-Overrides PolicyCombiningAlg


    According to XACML 2.0 Appendix C.3 Permit-overrides, if the set of 
    policy values being combined consists of Indeterminates and Denies, then 
    the result is Deny.
    
    This seems inconsistent with the intent of "Permit-overrides".  Had no 
    error occurred, one of the Indeterminate policies might have been a 
    Permit, and then the result would have been Permit.  Why are we treating 
    an unknown that might have been a Permit as a Deny?
    
    Regards,
    Anne
    -- 
    Anne H. Anderson             Email: Anne.Anderson@Sun.COM
    Sun Microsystems Laboratories
    1 Network Drive,UBUR02-311     Tel: 781/442-0928
    Burlington, MA 01803-0902 USA  Fax: 781/442-1692
    


    [Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]