[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: PatternConflict exception
Then I'm removing PatternConflict exception from the spec.
Konstantin
>
>
> Konstantin's view is correct. I've provided Carol with text which says
> that the list of evaluators returned
> when more than one pattern matches the name provided via input argument is
> the union of the evaluators
> on the lists of all the matched patterns.
>
> Which combinator is returned in this case (only one will be returned) is up
> to the implementation.
>
> We already did make a decision on this, during the Tue. call, and the
> results are the text I provided to Carol
> and have summarized here.
>
> --bob
>
> Bob Blakley
> IBM Lead Security Architect
> Voice: +1 (512) 838-8133
> Fax: +1 (512) 838-0156
> Post: 11400 Burnet Road, Mail Stop 9134, Austin, TX 78758 USA
> Internet: blakley@us.ibm.com
>
>
>
> Konstantin Beznosov <beznosov@baptisthealth.net> on 02/25/99 10:56:55 AM
>
> Please respond to Konstantin Beznosov <beznosov@baptisthealth.net>
>
> To: Robert Burt <bburt@2ab.com>
> cc: hrac-rfp@cs.fiu.edu (bcc: Bob Blakley/Austin/IBM)
> Subject: Re: PatternConflict exception
>
>
>
>
>
> Bob and others,
>
> As far as I understand the semantics of add/delete/set_evalautors() and
> get_policy_decision_evaluators() from last submitters meeting (I've not
> checked
> if it is reflected in the current submission text), if a resource name
> matches
> more than one pattern then get_policy_decision_evaluators() is supposed to
> return a union of evaluators that are registered with all patterns which
> the
> resource name matches. And, it is NOT an implementation-dependent thing.
> Please
> Bob Blakley, John and Carol correct me if I misunderstood this.
> If my understanding is correct, then add/set_evaluators() can NOT rise
> PatternConflict exception.
>
> Let's make a decision on it today or tomorrow.
>
>
> > It is my impression that the patterns can either be edited for
> consistency
> > at registration time or the EvaluatorLocator can make a decision on which
> > of two conflicting patterns to use, or even to use both. From the spec
> the
> > above seems to be an implementation decsision. I personally would think
> > that an implentation could have better performance if it did the conflict
> > check at registration time, but that would be an implemenation decision.
> >
> > So what is a conflict, well if I have the following two patterns:
> >
> > A*
> > AB*
> >
> > Then a resource name "ABigPile" could be matched by either pattern. An
> > implemenationa might choose to not make this a conflict and have AB* take
> > precedence or it could consider it to be a conflict.
> >
> > Bottom line, it appears to be an implementation decision and it should
> have
> > a way of indicating the fact that it considers something to be a
> conflict.
> >
> >
> > Bob
> >
> >
> > At 10:36 AM 2/25/99 -0500, you wrote:
> > >Carol or Bob,
> > >
> > >Quick question on semantics of exception PatternConflict. The current
> > >description of the exception is as follows:
> > >
> > >"The PatternConflict exception is thrown by the
> > >PolicyEvaluatorLocatorAdmin when an register_resource_name_pattern()
> > >detects a pattern that conflicts
> > with
> > >an existing registered pattern."
> > >
> > >What kind of conflict do you have in mind, which could happen that will
> > >cause this exception to be raised?
> > >
> > >Thanks
> > >Konstantin
> > >
>
>
> ----------------
> Broadcast message to hrac-rfp from Konstantin Beznosov
> <beznosov@baptisthealth.net>.
> Go to http://cadse.cs.fiu.edu/omg/hrac-rfp to browse the mail list archive.
>
>
----------------
Broadcast message to hrac-rfp from Konstantin Beznosov <beznosov@baptisthealth.net>.
Go to http://cadse.cs.fiu.edu/omg/hrac-rfp to browse the mail list archive.