OASIS eXtensible Access Control Markup Language (XACML) TC

RE: [xacml] Proposed semantics for operations involving INDETERMI NATE

  • 1.  RE: [xacml] Proposed semantics for operations involving INDETERMI NATE

    Posted 07-24-2002 19:16
    Title: RE: [xacml] Proposed semantics for operations involving INDETERMI NATE Rule-combining algorithm.  I call it differntly to distinguish from the one defined in the standrad (takes into account only the defined states in response.  On lower level it has to take into account other possible outcomes: - not applicable, evaluated but could not finish (division by 0, timeout, data missing..), evaluated - returned false,  evaluated returned true - produce permit or deny effect..  The basic idea I was arguing about - moving this low level outcomes higher in the protocol food chain to allow combining results from clustered PDPs and to allow, when it is needed, distinguishing between this evauation results.  Provides for a more flexible Rule-combining algorithm.. Can be done with advice, I agree - just does not look as clean and impossible to interoperate.. Daniel.