From imperius-dev-return-213-apmail-incubator-imperius-dev-archive=incubator.apache.org@incubator.apache.org Wed Aug 27 13:43:23 2008 Return-Path: Delivered-To: apmail-incubator-imperius-dev-archive@locus.apache.org Received: (qmail 43292 invoked from network); 27 Aug 2008 13:43:23 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 27 Aug 2008 13:43:23 -0000 Received: (qmail 4543 invoked by uid 500); 27 Aug 2008 13:43:21 -0000 Delivered-To: apmail-incubator-imperius-dev-archive@incubator.apache.org Received: (qmail 4531 invoked by uid 500); 27 Aug 2008 13:43:21 -0000 Mailing-List: contact imperius-dev-help@incubator.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: imperius-dev@incubator.apache.org Delivered-To: mailing list imperius-dev@incubator.apache.org Received: (qmail 4520 invoked by uid 99); 27 Aug 2008 13:43:21 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 27 Aug 2008 06:43:21 -0700 X-ASF-Spam-Status: No, hits=-2.0 required=10.0 tests=HTML_MESSAGE,RCVD_IN_DNSWL_MED,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of dawood@us.ibm.com designates 32.97.182.146 as permitted sender) Received: from [32.97.182.146] (HELO e6.ny.us.ibm.com) (32.97.182.146) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 27 Aug 2008 13:42:03 +0000 Received: from d01relay02.pok.ibm.com (d01relay02.pok.ibm.com [9.56.227.234]) by e6.ny.us.ibm.com (8.13.8/8.13.8) with ESMTP id m7RDiwBP012089 for ; Wed, 27 Aug 2008 09:44:58 -0400 Received: from d01av01.pok.ibm.com (d01av01.pok.ibm.com [9.56.224.215]) by d01relay02.pok.ibm.com (8.13.8/8.13.8/NCO v9.0) with ESMTP id m7RDgElR130342 for ; Wed, 27 Aug 2008 09:42:14 -0400 Received: from d01av01.pok.ibm.com (loopback [127.0.0.1]) by d01av01.pok.ibm.com (8.12.11.20060308/8.13.3) with ESMTP id m7RDgEoe007922 for ; Wed, 27 Aug 2008 09:42:14 -0400 Received: from d01ml605.pok.ibm.com (d01ml605.pok.ibm.com [9.56.227.91]) by d01av01.pok.ibm.com (8.12.11.20060308/8.12.11) with ESMTP id m7RDgE0S007918 for ; Wed, 27 Aug 2008 09:42:14 -0400 To: imperius-dev@incubator.apache.org MIME-Version: 1.0 Subject: ACL policies X-KeepSent: 1D2CA8C2:8EB75647-852574B2:004A17E6; type=4; name=$KeepSent X-Mailer: Lotus Notes Release 8.0.1 HF105 April 10, 2008 From: David Wood Message-ID: Date: Wed, 27 Aug 2008 09:42:13 -0400 X-MIMETrack: Serialize by Router on D01ML605/01/M/IBM(Build V85_07222008NPHF42 | August 5, 2008) at 08/27/2008 09:42:13, Serialize complete at 08/27/2008 09:42:13 Content-Type: multipart/alternative; boundary="=_alternative 004B2D51852574B2_=" X-Virus-Checked: Checked by ClamAV on apache.org --=_alternative 004B2D51852574B2_= Content-Type: text/plain; charset="US-ASCII" I sent something on this topic a couple of weeks ago and did not get a response, so I'll try again with perhaps a bit more motivation... We would like to be able to implement ACL policies in SPL that do not depend on implementation-dependent anchor classes to capture the results of the decision. My suggestion is to use the condition statement evaluation results to implement ACL policies. If people agree, then we need to be able to retrieve the result of the condition evaluation after policy evaluation. Currently all that is returned by SPLPolicy.evaluate() is a status code (error, success, not evaluated), but we could simply change this to return a new EvaluationStatus object that contains the condition results, current status value, and any other data that might be useful in the future. If I don't hear from anyone that this is a bad idea and would not be acceptable in Imperius, I guess I'll go ahead and try implementing this. David Wood Network Server System Software Group IBM TJ Watson Research Center dawood@us.ibm.com 914-784-5123 (office), 914-396-6515 (mobile) --=_alternative 004B2D51852574B2_=--