OASIS eXtensible Access Control Markup Language (XACML) TC

 View Only

Re: [xacml] functions specifications: string-equal and whitespace

  • 1.  Re: [xacml] functions specifications: string-equal and whitespace

    Posted 09-09-2002 09:49
     MHonArc v2.5.2 -->
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    

    xacml message

    [Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


    Subject: Re: [xacml] functions specifications: string-equal and whitespace


    
    - Handling whitespace
    
    XPath 1.0 (and 2.0) has a function called normalize-space() that strips
    leading and trailing whitespace and replacing sequences of whitespace
    characters by a single space. Some people suggests to use this function
    whenever string equality is checked on a XML document. That hides subtle
    issues like how to handle whitespace in XML. However, some applications may
    need non-normlized string comparison.
    
    So my suggestion is to support two kinds of string-equal functions:
    string-equal and normalized-string-equal. The string-equal does not
    normalize the string and the normalized-string-equal works as if it invokes
    normalize-space() function internally before comparison is made. The
    normalized-string-equal function is necessary if a user need to specify
    this function in MatchId attribute. When string-equal is used, any
    whitespace handling specifier "xml:space" attribute on XACML Request
    Context will be ignored except for the element inside the ResourceContent
    element.
    
    - Semantics of the string comparison
    
    XPath 2.0 defines xf:compare function instead of defining xf:string-equal
    function. The xf:compare has an optional argument called "collation" that
    specifies Unicode collation algorithm. The draft says, if it is omitted,
    the default collation is used (but its rule is TBD). Then, if we assume
    that there is a default collation for XACML, the function:string-equal is
    defined as "it returns true depending on the value of the first string is
    equal to the value of the second string according to the rules of the
    collation that is used. Otherwise, false is returned". We may add "if
    either argument is the empty sequence, it returns false". Default collation
    in XACML would be "comparison on each character of the string using
    integer-equal".
    
    Michiharu Kudo
    
    IBM Tokyo Research Laboratory, Internet Technology
    Tel. +81 (46) 215-4642   Fax +81 (46) 273-7428
    
    
    
    
                                                                                                                                           
                          Polar Humenn                                                                                                     
                          <polar@syr.edu>          To:       XACML <xacml@lists.oasis-open.org>                                            
                                                   cc:                                                                                     
                          2002/09/07 00:45         Subject:  [xacml] functions specifications                                              
                                                                                                                                           
                                                                                                                                           
                                                                                                                                           
    
    
    
    
    We need explicit specifications or pointers to specifications for the
    certain functions. A specification should include the exact type (i.e.
    xs:string, xs:dateTime, etc) of its arguments and the exact type of its
    return value. Also, we need explicit, if not formal semantics for the
    function's behavior.
    
    Note, their type signature is not sufficient. If we cannot find
    specifications for the following, I'd just assume we leave them out.
    However, that might not be good for some of the functions that we think
    are necessary.
    
    I'm reluctant to issue defintions for these things, because, I'm not up on
    internationalization of strings, and I'm definiately not familiar with the
    nuances of XML processing. For instance, "string-equal" works two
    arguments of xs:string. In XML, what do you do with leading and trailing
    whitespace or mulitiple lines? Does leading and trailing white space get
    ignored, or reduced, etc.? I'll bet *everybody* had a different approach.
    
    The following functions need specification: (They are also listed in the
    Functions Document I put on the list with [NEED SPECIFICATION]. Here's a
    compiled list.
    
                       return    1st Arg   2nd Arg
                       type
    string-equal      xs:boolean xs:string     xs:string
       Q: leading and trailing spaces, multiple lines, etc.
    
    date-equal        xs:boolean xs:date       xs:date
    time-equal        xs:boolean xs:time       xs:time
    dateTime-equal    xs:boolean xs:dateTime   xs:dateTime
    anyURI-equal      xs:boolean xs:anyURI     xs:anyURI
    
    x500Name-equal    xs:boolean xs:x500Name   xs:x500Name
      Q:   Do we have an adequate specification on this from pkix?
    
    rfc822Name-equal  xs:boolean xs:rfc822Name xs:rfc822Name
    hex-equal         xs:boolean xs:hex        xs:hex
       Q: Is the type xs:hex or xs:hexBinary?
       Q: leading and trailing spaces, multiple lines, etc.
    
    base64-equal      xs:boolean xs:base64     xs:base64
       Q: Is the type xs:base64 or xs:base64Binary?
       Q: leading and trailing spaces, multiple lines, etc.
    
    string-greater-than              xs:boolean xs:string  xs:string
    string-greater-than-or-equal     xs:boolean xs:string  xs:string
       Q: leading and trailing spaces, multiple lines, etc.
       Q: What if two different international strings?
    
    
    time-greater-than                xs:boolean xs:time    xs:time
    time-greater-than-or-equal       xs:boolean xs:time    xs:time
       Q: Are these relative to only one day? with Timezones?
    
    date-greater-than                xs:boolean xs:date    xs:date
    date-greater-than-or-equal       xs:boolean xs:date    xs:date
    datetime-greater-than            xs:boolean xs:date    xs:date
    datetime-greater-than-or-equal   xs:boolean xs:date    xs:date
    
    string-match      xs:boolean  xs:string      xs:string
    rfc822Name-match  xs:boolean  xs:rfc822Name  xs:rfc822Name
    x500Name-match    xs:boolean  xs:x500Name    xs:x500Name
    
    Ann has a whole lot of other functions in the compliance tests such
    as:
    
    add-dayTimeDurations
    subtract-dayTimeDuration-from-time
    
    of which I still do not know how they are to proceed. I don't even know if
    we have a type for a datTimeDuration or what it looks like. Does anybody?
    
    I suggest that we leave all of these out, especially if we cannot come up
    with specifications for them. We can add them later when people do figure
    out how they want them to operate.
    
    Cheers,
    -Polar
    
    
    
    ----------------------------------------------------------------
    To subscribe or unsubscribe from this elist use the subscription
    manager: <http://lists.oasis-open.org/ob/adm.pl>
    
    
    
    
    
    


    [Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


    Powered by eList eXpress LLC