my comments were directed at the implementation of rule #2 below. if
'Bill' is the identity of the entity as known by the PDP, the 'universe'
is bounded and is not reasonably subject to the issues you raised. on
the other hand, i agree that #1, #3 and #4 are.
b
Hal Lockhart wrote:
>
> I should have begun by saying that when I refer to negative policies, I am
> actually referring to a number of different kinds of policies which have
> different negative aspects. What they have in common is that they express
> what is not the case rather than what is the case. Some of the problems I
> have seen apply to all types of negative policies, some only apply to some
> types. However because of the number of distinct types of problems I have
> become wary of all types of negative policies.
>
> Some examples of what I consider to be negative policies:
>
> 1. under such and such conditions, the READ operation is not allowed.
>
> 2. Bill is not allowed to do such and such
>
> 3. Vice Presidents are not allowed to do such and such
>
> 4. Such and such a policy does not apply to
> http://www.example.com/my/files/*