OASIS eXtensible Access Control Markup Language (XACML) TC

[xacml] Distributed Access Control

  • 1.  [xacml] Distributed Access Control

    Posted 12-17-2001 19:32
    
    Greetings,
    
    In response to some query about the expressiveness of evaluation of
    policies from different places, I would like to point the group to the
    CORBA Resource Access Decision specification (RAD).
    
    http://www.omg.org/cgi-bin/doc?formal/01-04-11.pdf
    
    and we may want to include it in the document repository.
    
    It has in it an Access Decision model in which not only policies are
    located, but also, a policy evaluation combinator is located for a
    particular resource.
    
    Note, there is no language component to this specification.
    
    However, it does present a model by which policy can be distributed and
    evaluated. A combinator, which has an interface operation of
    "evaluate_policies", takes the list of located policies for the resource,
    the attribute list of the subject, and the operation (i.e. Action) on the
    resource, and evaluates the decision.
    
    That way, depending on the semantics of the combinator you choose for the
    resource, your combinator may choose to ignore, or evaluate only some
    policies based on the evaluations of other policies.
    
    Cheers,
    -Polar
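
Added example, not part of the original post and not the RAD IDL: a Python sketch of the model described above, in which a locator returns both the policies and the combinator for a resource, and the combinator's semantics decide which policies count. Only the operation name evaluate_policies comes from the post; the policies, resource names, locator table and combinator classes are hypothetical.

```python
from enum import Enum

class Decision(Enum):
    PERMIT = "permit"
    DENY = "deny"
    NOT_APPLICABLE = "not_applicable"

# Constructed sample policies: (subject_attrs, operation) -> Decision
def clinicians_may_read(attrs, operation):
    if operation == "read" and attrs.get("role") == "clinician":
        return Decision.PERMIT
    return Decision.NOT_APPLICABLE

def deny_off_site(attrs, operation):
    if attrs.get("location") != "on_site":
        return Decision.DENY
    return Decision.NOT_APPLICABLE

class DenyOverrides:
    """Evaluates every located policy; any DENY wins."""
    def evaluate_policies(self, policies, attrs, operation):
        decisions = [p(attrs, operation) for p in policies]
        if Decision.DENY in decisions:
            return Decision.DENY
        # Fail closed when no policy grants access.
        return Decision.PERMIT if Decision.PERMIT in decisions else Decision.DENY

class FirstApplicable:
    """Stops at the first policy that applies; later policies are ignored."""
    def evaluate_policies(self, policies, attrs, operation):
        for policy in policies:
            decision = policy(attrs, operation)
            if decision is not Decision.NOT_APPLICABLE:
                return decision
        return Decision.DENY  # fail closed

# Hypothetical locator: resource name -> (located policies, combinator).
POLICIES = [clinicians_may_read, deny_off_site]
LOCATOR = {
    "records/clinical": (POLICIES, DenyOverrides()),
    "records/summary": (POLICIES, FirstApplicable()),
}

def access_allowed(resource, attrs, operation):
    entry = LOCATOR.get(resource)
    if entry is None:
        return False  # no policy located for this resource: deny
    policies, combinator = entry
    return combinator.evaluate_policies(policies, attrs, operation) is Decision.PERMIT
```

With the same two policies located for both resources, an off-site clinician's read is denied under DenyOverrides and permitted under FirstApplicable, so the choice and ordering of the combinator is itself a security decision.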