Security Architecture Basics 67

execute the decision algorithm as quickly as possible. Both of these goals may be in conflict with others, such as speed of access definition review or administration. Any particular vendor solution will represent a unique set of compromises.

For example, a model may store access rules for a subject in a set-theoretic manner: User X is ALLOWED access to {A, B, C, D, E} via one rule but DENIED access to {C, D} via another. We have to compute the set difference between these two rules to arrive at a decision on a specific access request (Can X read B? Yes). We can view each access decision as combining all available data to arrive at a list of access control rules and applying a decision process to the set of rules.

In general, when multiple rules apply to an access decision on whether a given subject in a given context can access an object, the policy must resolve the multiple directives into an acceptable decision. The resolution strategy should have the following properties:

Consistency. The outcome of an access decision should be the same whenever all the parameters to the decision, and any external factors used in resolution, are repeated.

Completeness. Every form of allowed access should correspond to an expected application of the security policy.

The resolution algorithm must, of course, correctly implement policy. The modes of resolving multiple rules fall into one of three options.

First fit. The access control rules are ordered in a linear fashion, and rules are applied in order until one rule either explicitly allows or denies access. No further examination is conducted. If all rules have been found inapplicable, access is denied by a fall-through exception rule of least privilege.

Worst fit. All applicable rules are extracted from the rule base and examined against the parameters of the access decision. Access is allowed only if all rules allow access. If no applicable rules are found, or if any rule denies access, then the subject is refused.
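The first fit and worst fit modes described above, applied to the User X rules from the text, as an added example that is not from the original page. The names `Rule`, `first_fit`, `worst_fit` and `effective_access` are assumptions made for illustration, and the rule base is constructed from the text's example.

```python
from dataclasses import dataclass
from typing import FrozenSet, Iterable, List, Set

ALLOW, DENY = "ALLOW", "DENY"

@dataclass(frozen=True)
class Rule:  # hypothetical rule shape: one subject, a set of objects, one effect
    subject: str
    objects: FrozenSet[str]
    effect: str

    def applies(self, subject: str, obj: str) -> bool:
        return subject == self.subject and obj in self.objects

def first_fit(rules: List[Rule], subject: str, obj: str) -> str:
    """Walk the ordered rule list; the first applicable rule decides."""
    for rule in rules:
        if rule.applies(subject, obj):
            return rule.effect
    return DENY  # fall-through: no rule applied, least privilege

def worst_fit(rules: List[Rule], subject: str, obj: str) -> str:
    """Collect every applicable rule; allow only if all of them allow."""
    effects = [r.effect for r in rules if r.applies(subject, obj)]
    if not effects or DENY in effects:
        return DENY  # nothing applicable, or at least one denial
    return ALLOW

def effective_access(rules: List[Rule], subject: str,
                     universe: Iterable[str]) -> Set[str]:
    """Objects the subject can reach under worst fit (the set difference)."""
    return {o for o in universe if worst_fit(rules, subject, o) == ALLOW}

# Constructed rule base: X is ALLOWED {A,B,C,D,E} and DENIED {C,D}.
ALLOW_X = Rule("X", frozenset("ABCDE"), ALLOW)
DENY_X = Rule("X", frozenset("CD"), DENY)
RULES = [ALLOW_X, DENY_X]

if __name__ == "__main__":
    for obj in "ABCDEF":
        print(obj,
              "first-fit(allow rule first):", first_fit(RULES, "X", obj),
              "| first-fit(deny rule first):", first_fit(RULES[::-1], "X", obj),
              "| worst-fit:", worst_fit(RULES, "X", obj))
    print("effective set for X:", sorted(effective_access(RULES, "X", "ABCDEF")))
```

Under first fit the answer for C and D depends on which rule is listed first, so rule order is part of the policy; worst fit gives the same answer for any ordering.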