MHonArc v2.5.2 -->
xacml message
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [Elist Home]
Subject: RE: [xacml] [policy-model] A Proposal
Title: RE: [xacml] [policy-model] A Proposal
Michiharu - Thanks for this proposal on extensibility. I suspect that we will delay discussion of extensibility points until the model is settled. However, it will become important at that time.
In the model, as currently described, we do not include separate elements for "grant" and "deny". Instead, the "deny" semantics are provided by "and" and "not" ...
<and>
<predicate>grant_condition</predicate>
<not>
<predicate>deny_condition></predicate>
</not>
</and>
With this approach, no explicit grant element is required: if the applicable policy evaluates TRUE, then the PDP may return the saml "permit" status code.
All the best. Tim.
-----------------------------------------
Tim Moses
Tel: 613.270.3183