MHonArc v2.5.2 -->
xacml message
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [Elist Home]
Subject: [xacml] Match/No-Match Semantics
Greetings,
Apparently we have what I believe is an inconsistency in the evaluation of
the rules with respect to expressions resulting in errors and the target
match semantics.
For the Target we have only two values Match and No-Match, and have said
that if an error occurs while evaluating the target, the result is a
No-Match.
If we evaluate equivalent expressions, one in the target, the other in a
condition, we would get two different results.
For example, let's say we have a situation such that an
AttributeDesignator is not available, and any call to it will result in an
operational error.
Let's say we have a rule with an ANY target and a condition that performs
a match on this AttributeDesignator. The result of the condition is
Indeterminate, and therefore the rule is evaluated to Indeterminate.
Let's also say we have a rule with a target that performs the equivalent
match on that particular designator. We have said that we map any Error to
a No-Match situation. In that case, then the rule is evaluated to
NotApplicable.
Does this situation sit right with people?
Cheers,
-Polar
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [Elist Home]
Powered by eList eXpress LLC