OASIS eXtensible Access Control Markup Language (XACML) TC

 View Only
  • 1.  CD-1 issue #16: offset for attribute selector

    Posted 09-11-2009 13:14
    The issue number refers to the XLS-sheet found in this email:
    http://lists.oasis-open.org/archives/xacml/200909/msg00013.html
    
    The commenter proposes that an attribute selector should include an 
    additional xpath parameter which acts as an offset for the xpath of the 
    selector.
    
    I see the that this could be useful, but it is a fairly big change and I 
    am uncertain about the implications so I propose that we push this 
    feature past 3.0 so we can consider it carefully.
    
    Best regards,
    Erik
    
    


  • 2.  RE: [xacml] CD-1 issue #16: offset for attribute selector

    Posted 09-11-2009 14:28
    This could be added as an optional feature with no impact to existing
    implementations.  I would like implementers to study the feasibility and
    impact of this change.
    
    See this thread for discussion and example:
    http://lists.oasis-open.org/archives/xacml-comment/200810/msg00001.html.
    
    Here is the use case that is illustrated in the example in that thread:
    When defining a product structure from re-usable components, you want to
    detect or prevent adding an export-controlled component into a
    non-export-controlled assembly.  The rule can be written very simply by
    using the ancestor list of each descendant node.  However, since the
    initial context is always the root of