Re: policy stuffing

> > In that case, I still have to ask whether valid(p1,p2)=>valid(p1)
> > and regardless of whether that's a "yes" or "no", what goes in
> > the spec?
> 
> OK, I believe the answer is yes.

So its wrong/a bad idea to define & use p1, p2 & p3 as follows:

p1: key is generated according to rules a,b,c
p2: key is good for €1000
p3: key is good for $1000

where a responder is configured (howsoever) with the following
logic:

if (p1) {
	if (p2 || p3) status=notYetInvalid;
} else {
	status=Invalid;
}

Does that sufficiently illustrate the quagmire of exposing policy 
arithmetic? I'm sure equally daft examples could be given if
you'd said "no" above.

But, I don't think we need take this further for now (unless someone
else wants to chime in), until we've text that captures this thread.

Stephen.


-- 
____________________________________________________________
Stephen Farrell         				   
Baltimore Technologies,   tel: (direct line) +353 1 881 6716
39 Parkgate Street,                     fax: +353 1 881 7000
Dublin 8.                mailto:stephen.farrell@baltimore.ie
Ireland                             http://www.baltimore.com

Received on Wednesday, 4 December 2002 10:09:41 UTC