atom feed6 messages in org.oasis-open.lists.xacmlRe: [xacml] [CR] Add Default-deny pol...
FromSent OnAttachments
Anne AndersonAug 22, 2002 11:56 am 
Polar HumennAug 22, 2002 12:01 pm 
Anne AndersonAug 22, 2002 12:07 pm 
Polar HumennAug 22, 2002 12:45 pm 
Polar HumennAug 22, 2002 1:16 pm 
Anne AndersonAug 23, 2002 7:14 am 
Subject:Re: [xacml] [CR] Add Default-deny policy combination algorithm
From:Anne Anderson (Anne@Sun.com)
Date:Aug 22, 2002 12:07:21 pm
List:org.oasis-open.lists.xacml

On 22 August, Polar Humenn writes: Re: [xacml] [CR] Add Default-deny policy combination algorithm

If we add that, we should probably add the analogous "Default-permit" algorithm as well to keep it semmetric.

Default-deny is needed to prevent security breaches, such as having web services interpret NotApplicable as "Permit", where this is not the intent.

Default-permit might be nice for symmetry, but it is not necessary.

Anne

-- Anne H. Anderson Email: Anne@Sun.COM Sun Microsystems Laboratories 1 Network Drive,UBUR02-311 Tel: 781/442-0928 Burlington, MA 01803-0902 USA Fax: 781/442-1692