<snip/>
> Rules are packaged in a group known as a ruleset, which uses a conflict
> resolution algorithm. The following algos are provided:
I should have said rules can be packages in arbitrary groups (a.k.a rule
sets). Each rule set uses its own conflict resolution algorithm.
Ultimately there is a root rule set that is responsible for the final
decision. Based on that decision (permit, deny or not applicable), the
Authorizer render an authorization decision, true/false, i.e. permit/deny.
-- Vincent
|