I would like to be able to use policies for both "authorization" and
"obligation". To facilitate this, it would be useful to have a single
evaluation method, used for both situations, that always returned the
result of the condition statement evaluation. One solution could be to
change PolicyEvaluator interface from:
public Object evaluatePolicy(SPLPolicy cp, Map instances)
throws SPLException;
to
public EvaluationResults evaluatePolicy(SPLPolicy cp, Map instances)
throws SPLException;
The new EvaluationResults object could contain the status code that is
currently being returned, as well as the result of the condition. This
object could hold any other information of interest too of course.
Thoughts?
(My apoligies if you receive this twice. I originally sent it to the users
mailing list).
David Wood
Network Server System Software Group
IBM TJ Watson Research Center
[EMAIL PROTECTED]
914-784-5123 (office), 914-396-6515 (mobile)
