Hi David, I agree with your idea conceptually but there are a few things to consider before doing this
1. A policy can have multiple subpolicies (each with their own conditions). I guess the trick would be to determine how to populate this EvaluationStatus object. 2. To keep things in sync with the CIM-SPL spec. Currently the spec expects a numeric return code (or an exception) as a result of policy execution. So we would have to figure out how this can be accomodated. Thanks Neeraj ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ "The light at the end of the tunnel...may be you" Neeraj Joshi WebSphere XD - Compute Grid AIM, IBM Apache Imperius - http://incubator.apache.org/imperius ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ David Wood/Watson/[EMAIL PROTECTED] 08/27/2008 09:42 AM Please respond to imperius-dev@incubator.apache.org To imperius-dev@incubator.apache.org cc Subject ACL policies I sent something on this topic a couple of weeks ago and did not get a response, so I'll try again with perhaps a bit more motivation... We would like to be able to implement ACL policies in SPL that do not depend on implementation-dependent anchor classes to capture the results of the decision. My suggestion is to use the condition statement evaluation results to implement ACL policies. If people agree, then we need to be able to retrieve the result of the condition evaluation after policy evaluation. Currently all that is returned by SPLPolicy.evaluate() is a status code (error, success, not evaluated), but we could simply change this to return a new EvaluationStatus object that contains the condition results, current status value, and any other data that might be useful in the future. If I don't hear from anyone that this is a bad idea and would not be acceptable in Imperius, I guess I'll go ahead and try implementing this. David Wood Network Server System Software Group IBM TJ Watson Research Center [EMAIL PROTECTED] 914-784-5123 (office), 914-396-6515 (mobile)
