From: Polar Humenn <pol...@syr.edu>
To: Daniel Engovatov <deng...@crosslogix.com>
Subject: RE: [xacml] [CR] Add Default-deny policy combination algorithm
Date: Thu, 22 Aug 2002 15:57:55 -0400 (EDT)
For this simplistic case, probably nothing.
But don't get into minimal normal form arguments with me! :)
Default-Deny can be taken care of with combination of a FirstApplicable
combination of a Deny-Overrides combination as the first element, and a
applicable policy stating Deny as the second (i.e. last) element.
On Thu, 22 Aug 2002, Daniel Engovatov wrote:
Role is "Salesman" - Deny
What's so unnecessary about that?
What will be the difference from
Role != "Salesman" - Permit
Anne H. Anderson Email: Anne...@Sun.COM
Sun Microsystems Laboratories
1 Network Drive,UBUR02-311 Tel: 781/442-0928
Burlington, MA 01803-0902 USA Fax: 781/442-1692