AFAIK, there is no abstaining. In most of the security frameworks I've worked with, this is a boolean thing: if you are not allowed to do something, that means it is denied.
Prabath, in XACML, as a best practice, we've been putting a deny Rule at the end of most policies. But what happens if that is not declared? What does the Sun XACML engine return?

Azeez

On Sat, Jan 29, 2011 at 12:23 PM, Danushka Menikkumbura <danus...@wso2.com> wrote:

>> Let's take two scenarios.
>>
>> 1. Application has not set the authorization details
>> 2. Application has set the action to deny.
>>
>> In both cases the authorization manager returns false. (Obviously it can not
>> return true).
>
> We need to have a new method to check denial.
>
> So, (isAuthorized == false) and (isDenied == false) simply means that I
> have no idea what this resource means, so I am abstaining from saying
> anything.
>
> Ideally isAuthorized should have returned enum {ALLOWED, DENIED, ABSTAIN}
> but we can not afford to do that now.
>
> Thanks,
> Danushka
>
> _______________________________________________
> Carbon-dev mailing list
> Carbon-dev@wso2.org
> http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev

--
Afkham Azeez
Senior Software Architect & Senior Manager; WSO2, Inc.; http://wso2.com
Member; Apache Software Foundation; http://www.apache.org/
email: az...@wso2.com
cell: +94 77 3320919
blog: http://blog.afkham.org
twitter: http://twitter.com/afkham_azeez
linked-in: http://lk.linkedin.com/in/afkhamazeez

Lean . Enterprise . Middleware
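The distinction discussed in this thread, as an added example that is not part of the original messages and is not WSO2 Carbon or Sun XACML code: a tri-state decision evaluated with first-applicable rule combining, once without and once with a trailing catch-all deny rule. The `Rule` interface, the `evaluate` helper and the resource names are hypothetical; `isAuthorized` and `isDenied` only borrow the method names used in the thread.

```java
import java.util.Arrays;
import java.util.List;

public class TriStateAuthz {
    // The three outcomes named in the thread; a boolean collapses ABSTAIN into DENIED.
    enum Decision { ALLOWED, DENIED, ABSTAIN }

    // Hypothetical rule type: returns ABSTAIN when it does not match the request.
    interface Rule { Decision apply(String resource, String action); }

    // First-applicable combining: the first rule that matches decides.
    static Decision evaluate(List<Rule> policy, String resource, String action) {
        for (Rule rule : policy) {
            Decision d = rule.apply(resource, action);
            if (d != Decision.ABSTAIN) return d;
        }
        return Decision.ABSTAIN; // no rule matched; XACML names this NotApplicable
    }

    // Deny-biased enforcement point: only an explicit ALLOWED grants access.
    static boolean isAuthorized(Decision d) { return d == Decision.ALLOWED; }

    // The separate denial check proposed in the thread.
    static boolean isDenied(Decision d) { return d == Decision.DENIED; }

    public static void main(String[] args) {
        Rule allowRead = (res, act) -> res.equals("/queue/orders") && act.equals("read")
                ? Decision.ALLOWED : Decision.ABSTAIN;
        Rule denyDelete = (res, act) -> res.equals("/queue/orders") && act.equals("delete")
                ? Decision.DENIED : Decision.ABSTAIN;
        Rule denyAll = (res, act) -> Decision.DENIED; // trailing catch-all deny rule

        List<Rule> withoutFinalDeny = Arrays.asList(allowRead, denyDelete);
        List<Rule> withFinalDeny = Arrays.asList(allowRead, denyDelete, denyAll);

        // Constructed requests: allowed, explicitly denied, and unknown to the policy.
        String[][] requests = {
            {"/queue/orders", "read"}, {"/queue/orders", "delete"}, {"/topic/unknown", "read"}
        };
        for (String[] r : requests) {
            Decision open = evaluate(withoutFinalDeny, r[0], r[1]);
            Decision closed = evaluate(withFinalDeny, r[0], r[1]);
            System.out.printf("%s %s: no final deny=%s (isAuthorized=%b, isDenied=%b), final deny=%s%n",
                    r[0], r[1], open, isAuthorized(open), isDenied(open), closed);
        }
    }
}
```

For the unknown resource both booleans come back false without the trailing rule, which is the abstain case; with the trailing deny rule that case disappears and the same request is explicitly denied.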