Targets
Targets in ALFA policies, policy sets, and rules define the conditions for rule evaluation. They are specified using the target keyword and follow a hierarchical structure similar to the XACML standard.
A target clause that evaluates to:
- false, results in a "Not Applicable" rule outcome.
- true, prompts the Policy Decision Point (PDP) to evaluate the rule's condition, which if:
- false, results in a "Not Applicable" rule outcome.
- true, leads the PDP to return the rule's defined outcome.
If either the target or condition fails to evaluate (for example, due to a missing attribute), the rule outcome is "Indeterminate."
Rules exist within policies and the latter can also include target clauses. The PDP considers a policy's rules only if the policy has no target clause, or if at least one of its target clauses evaluates to true.
Match expressions in targets
The XACML 3.0 standard requires the Match element to contain an AttributeValue followed by AttributeDesignator or AttributeSelector. However, ALFA offers flexibility in this regard, allowing the order to be disregarded if the match function is commutative or an inverse function to the match function exists.
Read more details in the Function declarations section.
Commutativity implies that changing the order of the operands does not affect the result.
The standard functions are declared with inverses in system.alfa so that you don't need to worry about the order. If the function is neither commutative nor has an inverse, then the order should be maintained in the match element to avoid compile errors.