OASIS eXtensible Access Control Markup Language (XACML) TC

RE: [xacml] Observation on "context"

  • 1.  RE: [xacml] Observation on "context"

    Posted 06-03-2002 13:18
    Anne - I think I am starting to "get the picture".  Forgive me for being slow on the uptake.  Would this be another way of putting it? ...

    The basic entities are universal, regardless of the application domain.  They are the subject, resource and action.  The SAML data models for these entities are inadequate.  There are some universal aspects to these data models (subjects have attributes, for instance).  But, some elements differ between application domains and (in addition) we cannot anticipate how domains may need to extend these data models.  This sounds like a job for XML, because it can express arbitrarily-complex data models and is extensible.

    If this is the case, I might want to rethink my view that XPATH is not the right way to identify context elements.  If we are deliberately choosing an extensible mark-up language to model the context, then perhaps all the tools associated with that language should be available to us to manipulate an instance of it.  An XPATH expression would be a convenient way to identify an element such as: 'the role attribute of the subject whose name is "codesigner"'.  For sure, we don't need the full complexity of XPATH, but perhaps we could define a small subset.

    Thoughts, anyone?

    All the best.  Tim.

    -----------------------------------------
    Tim Moses
    Tel: 613.270.3183
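Added example, not part of the original post or of any XACML draft: one way the restricted-XPath idea raised above could look, where a path is checked against a small allowed grammar before it is evaluated against a context document. The context layout (`Context`, `Subject`, `Attribute`, `name`, `id`), the subset grammar and the `select` helper are all assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed context instance; element and attribute names are
# illustrative assumptions, not the XACML schema.
CONTEXT = """
<Context>
  <Subject name="codesigner">
    <Attribute id="role">release-engineer</Attribute>
    <Attribute id="group">build</Attribute>
  </Subject>
  <Subject name="requester">
    <Attribute id="role">developer</Attribute>
  </Subject>
  <Resource name="installer.msi"/>
  <Action name="sign"/>
</Context>
"""

# Hypothetical subset: child steps only, each with at most one
# [@attr='literal'] predicate. Axes, functions, wildcards, positional
# predicates, '..' and '//' are all outside the grammar.
STEP = r"[A-Za-z_][\w.-]*(?:\[@[A-Za-z_][\w.-]*='[\w .-]*'\])?"
SUBSET = re.compile(rf"{STEP}(?:/{STEP})*")


def select(context_xml, path):
    """Return the text of every element matched by a subset path.

    The path is validated first, so a policy author cannot reach
    XPath features the evaluator was never meant to expose.
    """
    if not SUBSET.fullmatch(path):
        raise ValueError(f"outside the allowed XPath subset: {path!r}")
    root = ET.fromstring(context_xml)
    # ElementTree's own limited XPath support covers this subset.
    return [el.text for el in root.findall(path)]


if __name__ == "__main__":
    # 'the role attribute of the subject whose name is "codesigner"'
    print(select(CONTEXT, "Subject[@name='codesigner']/Attribute[@id='role']"))
    # Same attribute across all subjects
    print(select(CONTEXT, "Subject/Attribute[@id='role']"))
```

Validating the path before evaluation keeps the policy language's reach explicit: anything not in the grammar is rejected rather than silently handed to a fuller XPath engine.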