It just occurred to me that there is a substantive question related to this.
Currently, a policy conflict occurs when you have 2 or more rules and they
get different answers. Presumably this means how you decide to allow or not
allow access. But what about the various post conditions associated with the
rules? How does the PDP decide which post conditions should occur?

I think this is where we are hurt by not having a VM model for policy
evaluation --- or, in another view, not having a model for the relationship
between walking the tree and executing nodal behaviors (here, policies with
post-conditions). In other words, the operational lifecycle of the node...

In one view, there should be a prioritization of the evaluation of policies that
hook nodal operations. This is extremely important, since a post-condition could
cause the short-circuiting of parsing of the sub-tree under a particular node;
one would therefore want higher-priority policies to evaluate before lower
priority. Also, if certain policies set attributes that affect the outcome of
other policies, one would want those to be of higher priority.

Some document processing models (e.g. Multivalent Documents [Phelps]) have a
notion of "before" and "after" sequencing of nodal operations, with high
priority behaviors having the "first and last words."

| John S. Erickson, Ph.D.
| Hewlett-Packard Laboratories
| PO Box 1158, Norwich, Vermont USA 05055
| 802-649-1683 (vox) 802-371-9796 (cell) 802-649-1695 (fax)
| john...@hpl.hp.com AIM/YIM/MSN: olyerickson
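
The ordering concern raised in the message above, as an added sketch that is not part of the original message or of any real PDP: policies hooked on a tree node are evaluated either by priority or in listed order, and the two runs yield different decisions and post-conditions. All names here (`Policy`, `Node`, `walk`, `SKIP_SUBTREE`, the sample rules) are hypothetical, and the sample tree is constructed.

```python
from dataclasses import dataclass, field

SKIP_SUBTREE = "skip-subtree"  # hypothetical post-condition that halts descent

@dataclass
class Policy:
    name: str
    priority: int    # larger value evaluates first
    rule: callable   # rule(node, attrs) -> (decision or None, [post-conditions])

@dataclass
class Node:
    name: str
    policies: list = field(default_factory=list)
    children: list = field(default_factory=list)

def walk(node, attrs, trace, by_priority=True):
    """Evaluate the policies hooked on a node, then descend unless told not to."""
    order = sorted(node.policies, key=lambda p: -p.priority) if by_priority else node.policies
    posts = []
    for p in order:
        decision, post = p.rule(node, attrs)
        trace.append((node.name, p.name, decision))
        posts.extend(post)
    if SKIP_SUBTREE not in posts:          # a post-condition can short-circuit the sub-tree
        for child in node.children:
            posts.extend(walk(child, attrs, trace, by_priority))
    return posts

# Constructed sample: "classify" sets an attribute that "gate" depends on.
def classify(node, attrs):
    attrs["sensitivity"] = "restricted"
    return None, ["log-access"]

def gate(node, attrs):
    if attrs.get("sensitivity") == "restricted":
        return "Deny", [SKIP_SUBTREE]
    return "Permit", []

def leaf_rule(node, attrs):
    return "Permit", ["render"]

def run(by_priority):
    leaf = Node("section", [Policy("leaf", 1, leaf_rule)])
    # Listed low-priority first, so listed order and priority order differ.
    doc = Node("doc", [Policy("gate", 1, gate), Policy("classify", 9, classify)], [leaf])
    trace = []
    return trace, walk(doc, {}, trace, by_priority)
```

With priority ordering the attribute is set before `gate` reads it, so the sub-tree is never visited; in listed order `gate` permits on stale state and the leaf's post-condition is also collected.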