OASIS eXtensible Access Control Markup Language (XACML) TC

RE: [xacml] [policy-model] A Proposal

  • 1.  RE: [xacml] [policy-model] A Proposal

    Posted 12-03-2001 14:22
     MHonArc v2.5.2 -->
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    

    xacml message

    [Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


    Subject: RE: [xacml] [policy-model] A Proposal


    Title: RE: [xacml] [policy-model] A Proposal

    Michiharu - Thanks for this proposal on extensibility.  I suspect that we will delay discussion of extensibility points until the model is settled.  However, it will become important at that time.

    In the model, as currently described, we do not include separate elements for "grant" and "deny".  Instead, the "deny" semantics are provided by "and" and "not" ...

    <and>
    <predicate>grant_condition</predicate>
    <not>
    <predicate>deny_condition></predicate>
    </not>
    </and>

    With this approach, no explicit grant element is required: if the applicable policy evaluates TRUE, then the PDP may return the saml "permit" status code.

    All the best.  Tim.

    -----------------------------------------
    Tim Moses
    Tel: 613.270.3183