AFAIK, there is no abstaining. In most of the security frameworks I've
worked with, this is a boolean thing: if you are not allowed to do
something, that means it is denied.

Prabath, in XACML, as a best practice, we've been putting a deny Rule at the
end of most policies. But what happens if that is not declared? What does
the Sun XACML engine return?

Azeez

On Sat, Jan 29, 2011 at 12:23 PM, Danushka Menikkumbura
<danus...@wso2.com> wrote:

>
> Let's take two scenarios.
>>
>> 1. Application has not set the authorization details
>> 2. Application has set the action to deny.
>>
>> In both cases the authorization manager returns false. (Obviously it cannot
>> return true.)
>>
>
> We need to have a new method to check denial.
>
> So, (isAuthorized == false) and (isDenied == false) simply means that I
> have no idea what this resource means, so I am abstaining from saying
> anything.
>
> Ideally isAuthorized should have returned enum {ALLOWED, DENIED, ABSTAIN}
> but we cannot afford to do that now.
>
> Thanks,
> Danushka
>
> _______________________________________________
> Carbon-dev mailing list
> Carbon-dev@wso2.org
> http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>
>


-- 
Afkham Azeez
Senior Software Architect & Senior Manager; WSO2, Inc.; http://wso2.com
Member; Apache Software Foundation; http://www.apache.org/
email: az...@wso2.com cell: +94 77 3320919
blog: http://blog.afkham.org
twitter: http://twitter.com/afkham_azeez
linked-in: http://lk.linkedin.com/in/afkhamazeez
Lean . Enterprise . Middleware
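
The distinction discussed in this thread, as an added example that is not part of the original messages or of the WSO2 Carbon code: one three-valued decision with the two boolean views (`isAuthorized`, `isDenied`) derived from it, and an enforcement step that refuses on ABSTAIN. The `Rule` record, the deny-overrides combining, the `enforce` method and the resource paths are assumptions made for illustration.

```java
import java.util.List;
// Requires Java 16+ (records). All names here are illustrative assumptions.
public class TriStateAuthz {
    enum Decision { ALLOWED, DENIED, ABSTAIN }

    // Hypothetical rule: an explicit effect for one action under a resource prefix.
    record Rule(String prefix, String action, Decision effect) {
        Decision evaluate(String resource, String requested) {
            boolean applies = resource.startsWith(prefix) && action.equals(requested);
            return applies ? effect : Decision.ABSTAIN; // no opinion on this request
        }
    }

    // Deny-overrides combining: any DENIED wins, then any ALLOWED, otherwise ABSTAIN.
    static Decision decide(List<Rule> rules, String resource, String action) {
        Decision result = Decision.ABSTAIN;
        for (Rule rule : rules) {
            Decision d = rule.evaluate(resource, action);
            if (d == Decision.DENIED) return Decision.DENIED;
            if (d == Decision.ALLOWED) result = Decision.ALLOWED;
        }
        return result;
    }

    // The two boolean views from the thread, derived from the single decision.
    static boolean isAuthorized(List<Rule> rules, String resource, String action) {
        return decide(rules, resource, action) == Decision.ALLOWED;
    }
    static boolean isDenied(List<Rule> rules, String resource, String action) {
        return decide(rules, resource, action) == Decision.DENIED;
    }

    // Enforcement fails closed: only ALLOWED grants access, so ABSTAIN is refused too.
    static boolean enforce(List<Rule> rules, String resource, String action) {
        return isAuthorized(rules, resource, action);
    }

    public static void main(String[] args) {
        // Constructed sample policy and requests.
        List<Rule> rules = List.of(
            new Rule("/registry/public/", "read", Decision.ALLOWED),
            new Rule("/registry/public/keys/", "read", Decision.DENIED));
        for (String res : List.of("/registry/public/doc", "/registry/public/keys/k1", "/other/x")) {
            System.out.printf("%-26s decision=%-7s isAuthorized=%-5b isDenied=%-5b access=%b%n",
                res, decide(rules, res, "read"), isAuthorized(rules, res, "read"),
                isDenied(rules, res, "read"), enforce(rules, res, "read"));
        }
    }
}
```

The third constructed request matches no rule, so both booleans are false while access is still refused; the caller can tell that case apart from an explicit deny only through the second method.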