MHonArc v2.5.2 -->
xacml message
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [Elist Home]
Subject: RE: [xacml] Re: [xacml-comment] D024
On Tue, 3 Dec 2002, Daniel Engovatov wrote:
> It seems to me that we are not talking about the same "time". XACML does not
> specify (and can not specify) the content of the context at "compile" time -
> i.e. policy exists independent of the context.
That is true.
> How can it be guaranteed to be typechecked simultaneously (though it
> certainly can be done, in particular implementations that do have
> control over context and do not have external function extensions)?
Easily. The Policy is typechecked unto itself, as is the RequestContext.
The attributes in the context are all typed, and selection from the policy
is based on type. If attribute A of type T is in the context, but the
policy is looking for attribute A of type U, then the sought after
attribute isn't there. Everything works.
> Only certain arguments can be always typechecked in advance (such as
> static value specified in policy, or <apply> elements).
All arguments can be type checked in advance.
> This is actually why it is important to NOT have polymorphic functions
> in condition, so that <apply> element always has a predefined type, even
> if its arguments are retrieved from context in the runtime.. D;
The theory of type systems and polymorphic functions allows complete
typing of every element of an expression.
Cheers,
-Polar
>
>