RE: [xacml] [CR] Add Default-deny policy combination algorithm - Anne Anderson - org.oasis-open.lists.xacml

6 messages in org.oasis-open.lists.xacmlRE: [xacml] [CR] Add Default-deny pol...

From	Sent On	Attachments
Anne Anderson	Aug 22, 2002 11:56 am
Polar Humenn	Aug 22, 2002 12:01 pm
Anne Anderson	Aug 22, 2002 12:07 pm
Polar Humenn	Aug 22, 2002 12:45 pm
Polar Humenn	Aug 22, 2002 1:16 pm
Anne Anderson	Aug 23, 2002 7:14 am

Subject:	RE: [xacml] [CR] Add Default-deny policy combination algorithm
From:	Anne Anderson (Anne...@Sun.com)
Date:	Aug 23, 2002 7:14:37 am
List:	org.oasis-open.lists.xacml

I accept this solution. Thanks! I now cancel my [CR} for Default-Deny combining algorithm.

Anne

On 22 August, Polar Humenn writes: RE: [xacml] [CR] Add Default-deny policy combination algorithm

From: Polar Humenn <pol...@syr.edu> To: Daniel Engovatov <deng...@crosslogix.com> Subject: RE: [xacml] [CR] Add Default-deny policy combination algorithm Date: Thu, 22 Aug 2002 15:57:55 -0400 (EDT)

For this simplistic case, probably nothing.

But don't get into minimal normal form arguments with me! :)

Default-Deny can be taken care of with combination of a FirstApplicable combination of a Deny-Overrides combination as the first element, and a applicable policy stating Deny as the second (i.e. last) element.

On Thu, 22 Aug 2002, Daniel Engovatov wrote:

---- Default-Permit { Role is "Salesman" - Deny }

What's so unnecessary about that?

-Polar

-----

What will be the difference from

default-deny { Role != "Salesman" - Permit }

	Start a set with this search
	Include this search in one of my sets
	Exclude this search from one of my sets