Policy/rule modification

[Erwan G]

Hello,

In the xacml schema I use, I have a main PolicySet that include several sub PolicySet that include several sub Policy ...
I would like to know if it's possible de update only one rule of a specific Policy or a specific Policy without to have to update all the main PolicySet ?

Regards,

Erwan

[René Eggenschwiler]

Hi Erwan,

The feature you asked for is not supported.

Let me explain a little bit....

Evaluation:
1) Inside the PDP every Policy or PolicySet (with all its Policies) is treated 'like' a tree.
2) Such a tree represents 'a root entry' in the PDP.
3) The PDP evaluates these trees and combines them with the combining algorithm which is set in the PDP.

Deployment:
1) A Policy/PolicySet which is deployed is also represented as a tree.
2) The root of such a tree will be added to the PDP (for Evaluation, see point 3 above)

All our modules which belong to the PDP are working with that tree behaviour: Locator, Persistence, Preprocessor etc.

HERAS-AF XACML Implementation treats every deployed Policy or PolicySet which is handed over to the deploy method as a 'root policy/policyset' wich will be combined by the PDP default combining algorithm.

If you want to change that behaviour you would have to implement a custom Locator (indexer), PersistenceManager, Preprocessors etc...

Regards,
René

[Erwan G]

Thank you René for the explanation and again for the reactivity 

Regards,
Erwan