MHonArc v2.5.0b2 -->
xacml message
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [List Home]
Subject: Re: [xacml] XPath/AttributeSelector question
Thanks for your comments on this issue! A few comments/questions:
On Thu, 2004-05-06 at 21:00, Satoshi Hada wrote:
> >> the term "context node" this means not only that the
> >> Request element is the root of the XPath query, but that the
> Request
> >> element also provides all namespace information. Is this correct?
>
> I don't think the term has some implication about how or where we need
> to provide namespace-related information,
> in particular, where we specify the required PREFIX-to-URI mapping
> (But I may be wrong).
Ok. Since I didn't see any text elsewhere in the specification about
namespace mapping, I wasn't sure if the intent of the term "context
node" was to define the mapping or not. Thanks.
> Please see the mails with the title "Test cases for Attribute
> Selector" for related discussion.
> http://lists.oasis-open.org/archives/xacml-comment/200303/maillist.html
Right, this raises a similar question to mine, but it doesn't lead to a
resolution. Has this issue been discussed in the TC before? Was there
concensus on namespace resolution? I think it would be a good idea to
make this clearer in 2.0 so there's no ambiguity about namespace
handling.
> I have two comments on this issue.
>
> (A)
> Personally, I feel the namespace information (xmlns attributes)
> required to resolve an XPath expression
> should be provided in policies but not in request contexts since
> attribute selectors (and XPath expressions) are specified in policies
> but not in request contexts. If a policy specifies an XPath expression
> (e.g. /md:record) in an attribute selector but
> provides no namespace information (no "xmlns:md" attribute), then I
> think the policy is ambiguous by itself.
That sounds fine to me. The problem I was having is that I don't see
anything in the specification that makes this clear. Am I just missing
that text? :) If not, I think it would be a good idea to clarify this in
XACML 2.0.
> (B)
> There is no reason why we must use the same namespace prefix to
> represent a namespace URI
> in policies and request contexts.
> Take for example the IIF007 testcase. The policy and request use the
> same prefix "md".
> However, I believe that it should work even if the policy and reqeust
> use two different prefixes:
> 1) In IIIF007Policy.xml, replace the prefix "md" with a different one
> (e.g. "medical"), but
> 2) In IIIF007Request.xml, leave the prefix "md" as it is.
> Note that the two prefixes still represent the same URI.
> In this case, information required to resolve the "medical" prefix
> should be provided in IIIF007Policy.xml
> and information required to resolve the "md" prefix should be provided
> in IIIF007Request.xml
I agree. This makes complete sense, especially given your comment A
above.
> From my perspective, IIIF002Request.xml does not need to have the
> "xmlns:md" attribute since
> it does not use the prefix "md" in it (even though IIIF002Policy.xml
> uses it).
Agreed.
seth
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [List Home]