On 22 August, Polar Humenn writes: Re: [xacml] [CR] Add Default-deny policy combination algorithm
If we add that, we should probably add the analogous "Default-permit"
algorithm as well to keep it semmetric.
Default-deny is needed to prevent security breaches, such as
having web services interpret NotApplicable as "Permit", where
this is not the intent.
Default-permit might be nice for symmetry, but it is not
Anne H. Anderson Email: Anne...@Sun.COM
Sun Microsystems Laboratories
1 Network Drive,UBUR02-311 Tel: 781/442-0928
Burlington, MA 01803-0902 USA Fax: 781/442-1692