OASIS eXtensible Access Control Markup Language (XACML) TC

Re: [xacml] CR 144: function "present" needs to be fixed.

  • 1.  Re: [xacml] CR 144: function "present" needs to be fixed.

    Posted 10-22-2002 13:58


    Subject: Re: [xacml] CR 144: function "present" needs to be fixed.


    On Tue, 22 Oct 2002, Simon Godik wrote:
    
    > If we adopt must-be-present it should have additional args:
    > must-be-present(attr-kind, attr-id, type-uri);
    
    Ah, yes, do you mean, "Subject", "Resource", "Action"?
    
    Okay, now I can see a problem I didn't see before.
    
    We still will not be able, with this method, to write a simple "present"
    predicate for Subject, since we have requirements for which subject
    to get it from.
    
    How about this:
    
    action-attribute-is-present
    action-attribute-must-be-present
    
    resource-attribute-is-present
    resource-attribute-must-be-present
    
    subject-attribute-is-present
    subject-attribute-must-be-present
    
    > We also need similar function for the attribute-selector.
    > must-be-present-xpath(xpath-expr, type-uri)
    
    Likewise.
    
    The resource-* and action-* functions will take two arguments, which are
    attribute values containing the id and data type.
    The subject-* functions will take an extra argument that will
    be an attribute value that carries the subject category identifier.
    
    > We can not put functions in the target.
    
    That is correct.
    
    > I'd prefer to have mustBePresent attribute in the attribute-designator
    > and attribute-selector elements. When its value is set to 'true' and
    > attribute is not found, attribute-designator expression shall evaluate to
    > indeterminate.
    
    That may be simple in the condition, but like I said before, this
    complicates targeting.
    
    
    -Polar
    
    > Simon
    >
    >
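
The function family proposed in this message, sketched as an added example (not part of the original post and not XACML specification text). The request layout, the category and attribute names, the argument order, and the assumption that a must-be-present function yields Indeterminate on a missing attribute (carried over from the mustBePresent behaviour quoted above) are all assumptions.

```python
INDETERMINATE = "Indeterminate"  # assumed result of must-be-present on a miss

# Constructed request context: attributes keyed by (attribute id, data type).
# Subjects are grouped by category, which is why subject-* needs a third argument.
REQUEST = {
    "subject": {
        "access-subject": {("role", "string"): ["physician"]},
        "intermediary-subject": {("host", "string"): ["gateway-1"]},
    },
    "resource": {("owner", "string"): ["alice"]},
    "action": {("action-id", "string"): ["read"]},
}

def _is_present(attrs, attr_id, data_type):
    # Both id and data type must match; a non-empty bag counts as present.
    return bool(attrs.get((attr_id, data_type)))

def _must_be_present(attrs, attr_id, data_type):
    # Assumption: a missing attribute is an error rather than "false".
    return True if _is_present(attrs, attr_id, data_type) else INDETERMINATE

def resource_attribute_is_present(req, attr_id, data_type):
    return _is_present(req["resource"], attr_id, data_type)

def resource_attribute_must_be_present(req, attr_id, data_type):
    return _must_be_present(req["resource"], attr_id, data_type)

def action_attribute_is_present(req, attr_id, data_type):
    return _is_present(req["action"], attr_id, data_type)

def action_attribute_must_be_present(req, attr_id, data_type):
    return _must_be_present(req["action"], attr_id, data_type)

def subject_attribute_is_present(req, category, attr_id, data_type):
    # Argument order is an assumption; the message only says there is an extra one.
    return _is_present(req["subject"].get(category, {}), attr_id, data_type)

def subject_attribute_must_be_present(req, category, attr_id, data_type):
    return _must_be_present(req["subject"].get(category, {}), attr_id, data_type)

if __name__ == "__main__":
    print(subject_attribute_is_present(REQUEST, "access-subject", "role", "string"))
    print(subject_attribute_is_present(REQUEST, "intermediary-subject", "role", "string"))
    print(resource_attribute_must_be_present(REQUEST, "owner", "integer"))
```

The same attribute id gives different answers depending on the subject category, and a data type mismatch on the resource is reported as Indeterminate rather than false.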