OASIS eXtensible Access Control Markup Language (XACML) TC

 View Only

Re: [xacml] IsPresent semantics

  • 1.  Re: [xacml] IsPresent semantics

    Posted 10-29-2002 19:31
    On 29 October, Polar Humenn writes: [xacml] IsPresent semantics > The MustBePresent attribute governs whether this element > returns false or indeterminate in the case of finding no value > for the named attribute in the request context. In this case, > if the MustBePresent attribute is set to false, which is its > default value, this element SHALL result in false. However, > for this case, if the MustBePresent attribute is set to true, > the expression SHALL result in indeterminate. Regardless of > the MustBePresent attribute, if it cannot be determined > whether the attribute is present or not present in the request > context, or the value of the attribute is unavailable, then > the expression SHALL result in indeterminate. This is not clear. I suggest: The MustBePresent attribute governs whether this element returns false or indeterminate in the case of finding no value for the named attribute in the request context. If the value can not be located and the MustBePresent attribute is set to false (its default value), then the <ResourceAttributeIsPresent> element SHALL result in false. If the value can not be located and the MustBePresent attribute is set to true, then the element SHALL result in indeterminate. Regardless of the MustBePresent attribute, if it cannot be determined whether the attribute is present or not present in the request context, or if the value of the attribute is unavailable due to any error, then the <ResourceAttributeIsPresent> element SHALL result in indeterminate. > The DataType attribute MUST match, by > string [Qname?] equality, that of the DataType attribute of I would think it would be "anyURI-equal". We are defining the DataType attribute to be of type anyURI. > the same <xacml-context:Attribute> element. If the Issuer > attribute of this <ResourceAttributeIsPresent> element is > supplied, it MUST match, by string equality, the Issuer Again, I think it would be "anyURI-equal", since the Issuer attribute is of type anyURI. > attribute of the same <xacml-context:Attribute> element. > If the Issuer attribute of this <ResourceAttributeIsPresent> > element is not supplied, presence SHALL be governed by > AttributeId and DataType attributes alone, regardless of the > Issuer attribute of the same <xacml-context:Attribute> element > even if the Issuer attribute is not supplied in the located > <xacml-context:Attribute> element. Not clear. I suggest. If the Issuer attribute of this <ResourceAttributeIsPresent> element is not supplied, presence SHALL be governed by AttributeId and DataType attributes alone, regardless of the presence, absence, or actual value of the Issuer attribute of the otherwise matching <xacml-context:Attribute> element. > AttributeId [Required] > > This attribute SHALL specify the AttributeId of which to match the > attribute. Change "of which to match" to "value with which to match" > > DataType [Required] > > This attribute SHALL specify the DataType of which to match the > attribute. Change "of which to match" to "value with which to match" > > Issuer [Optional] > > This attribute, if supplied, SHALL specify the Issuer of which to > match the attribute. > Change "of which to match" to "value with which to match" Otherwise, looks OK to me. Anne -- Anne H. Anderson Email: Anne.Anderson@Sun.COM Sun Microsystems Laboratories 1 Network Drive,UBUR02-311 Tel: 781/442-0928 Burlington, MA 01803-0902 USA Fax: 781/442-1692