[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

relationship between DAS and policy evaluators

To: <hrac-rfp@cs.fiu.edu>
Subject: relationship between DAS and policy evaluators
From: "jb" <jbarkley@nist.gov>
Date: Tue, 23 Feb 1999 14:01:13 -0500
Cc: "Jb" <jbarkley@nist.gov>
Sender: owner-hrac-rfp@cs.fiu.edu


hi,

Since it was decided to not have an admin interface for the DAS, I suggest
the following text for an "Advice to Implementors" section:


An HRAC implementation may support PolicyEvaluators from different
developers. The PolicyEvaluatorLocatorAdmin interface is used to associate a
PolicyEvaluator with resources. When an access decision is requested
for those resources, that PolicyEvaluator is returned by
get_policy_decision_evaluators(). Any dynamic attributes needed by that
PolicyEvaluator are returned by the DynamicAttributeService. A
PolicyEvaluator may use dynamic attributes of other PolicyEvaluators, or a
PolicyEvaluator may make exclusive use of a dynamic attribute. When a
PolicyEvaluator is associated with resources, any new dynamic attributes
unknown to the DynamicAttributeService must be made known to the
DynamicAttributeService.

Carol: On page 14, under "DynamicAttributeService", you refer to an
AttributeEvaluator. Since we're not doing a DAS admin interface, this should
refer to "attribute evaluator". Also, the sentence after that should be
deleted as well as the sentence on page 18, section 2.4.2, item 1, referring
to an admin interface.

jb


----------------
Broadcast message to hrac-rfp from "jb" <jbarkley@nist.gov>.
Go to http://cadse.cs.fiu.edu/omg/hrac-rfp to browse the mail list archive.

Prev by Date: pre|post-conditions and corresponding exceptions
Next by Date: KB action items
Prev by thread: pre|post-conditions and corresponding exceptions
Next by thread: KB action items
Index(es):
- Date
- Thread