What is the Vocabulary of an Intersected Policy

We spoke briefly about this on the call today and I see a problem.
This note is an attempt to state the problem clearly.

Consider two normalized policies:

<Policy>
    <ExactlyOne>
        <All>
              <A/>
               <B/>
        </All>
         <All>\
                <C/>
         </All>
      </ExactlyOne>
</Policy>

<Policy>
    <ExactlyOne>
        <All>
              <A/>
               <B/>
        </All>
         <All>\
                <D/>
         </All>
      </ExactlyOne>
</Policy>

Let us intersect these two policies.  What we get is:

<Policy>
    <ExactlyOne>
        <All>
              <A/>
               <B/>
        </All>
    </ExactlyOne>
</Policy>

Now, what is the vocabulary of this policy?  Looking at this policy alone it should be { A, B}.
BUT, Chris points out the vocabulary should be {A,B,C,D} to remember the fact that this was the union of the vocabularies of the two intersected policies and that {C. D} must not be applied since they were not selected.

This seems like a contradiction.   To remember the negative decision we need to include assertions that are not in the policy, in its vocabulary.

SOLUTIONS:
The only viable solution that I can see is to drop the 'negation' semantic, namely, "When an assertion whose type is part of the policy's vocabulary is not included in a policy alternative, the policy alternative without the assertion type indicates that the assertion will not be applied in the context of the attached policy subject."   (Dale was arguing for this on other grounds as well)  Some would object strongly to this.  A counter proposal would be to add an explicit NOT operator.

Unfortunately, these are radical suggestions but I do not see any other way out.   

All the best, Ashok

Received on Wednesday, 18 April 2007 21:20:26 UTC