OASIS eXtensible Access Control Markup Language (XACML) TC

Re: [xacml] IIC012: syntax-error or processing-error?

  • 1.  Re: [xacml] IIC012: syntax-error or processing-error?

    Posted 12-04-2002 18:31
    Polar Humenn wrote: > For the case when you have a single malformed policy to be evaluated > against a request, the answer is just simply undefined. The implementer > can choose. Therefore, there should not be a "CONFORMANCE" test for it. 'undefined' needs to manifest itself somehow in the decision. back to the run-time vs. precompiled topic for a sec.. supposing that there is a use case/conformance test that has a mis-typed (or otherwise malformed) policy: under the precompiled model, this policy will simply be thrown out upon being communicated to the system; under the run-time model it will generate a status code 'other than OK' and issue a decision of INDETERMINATE. with this in mind we can: (a) allow for both of these scenarios to have it owns conformance criteria; (b) take a stand on which evaluation mechanism is supported; (c) consider it out of scope and allow for unlimted of decision/status combinations. i personally think that option 'a' is worth considering because option 'b' forces us to make an implementation decision and option 'c' is a bit loose for my taste. b