madurangasiriwardena
commented
6 years ago Please revert the commits with version update. Versions will be automatically updated with the release of the repository. And please fix the comments in the PR.
Closed kyleolivo closed 6 years ago
madurangasiriwardena
commented
6 years ago Please revert the commits with version update. Versions will be automatically updated with the release of the repository. And please fix the comments in the PR.
kyleolivo
commented
6 years ago @madurangasiriwardena Thanks for looking at this! I've reverted the version changes and applied consistent formatting to those conditionals.
madurangasiriwardena
commented
6 years ago @kyleolivo Thank you for your contribution!
Purpose
I noticed that the Status object returned in the AbstractResult sometimes did not return a Message or Details when an attribute name in the request did not match what was expected in the policy. On reviewing the XACML standard, it appears that returning the indeterminate_deny result was missed from the PermitOverridesPolicyAlg class. This change corrects that omission and conforms with the XACML standard: http://docs.oasis-open.org/xacml/3.0/xacml-3.0-core-spec-os-en.html#_Toc325047272
Goals
Returns the indeterminate_deny result when applicable.
Approach
Added one conditional that conforms with the XACML specification.
User stories
N/A
Release note
Fix issue where "Indeterminate Deny" decisions did not produce an "Indeterminate Deny" result when the Permit Overrides combining algorithm is used.
Documentation
N/A - This behavior is expected according to the XACML specification.
Training
N/A
Certification
N/A
Marketing
N/A
Automation tests
N/A
Security checks
N/A
Samples
N/A
Related PRs
N/A
Migrations (if applicable)
N/A
Test environment
N/A
Learning
N/A