MHonArc v2.5.2 -->
xacml message
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [Elist Home]
Subject: Re: [xacml] CR 144: function "present" needs to be fixed.
On Tue, 22 Oct 2002, Simon Godik wrote:
> If we adopt must-be-present it should have additional args:
> must-be-present(attr-kind, attr-id, type-uri);
Ah, yes, do you mean, "Subject", "Resource", "Action"?
Okay, now I can see a problem I didn't see before.
We still will not be able with this method, write a simple "present"
predicate for Subject, since we have requirements for which subject
to get it from.
How about this:
action-attribute-is-present
action-attribute-must-be-present
resource-attribute-is-present
resource-attribute-must-be-present
subject-attribute-is-present
subject-attribute-must-be-present
> We also need similar function for the attribute-selector.
> must-be-present-xpath(xpath-expr, type-uri)
likewise.
The resource-* and action-* functions will take two arguments, which are
attribute values containing the id and data type,
The subject-* functions will take an extra argument that will
be an attribute value that carries the subject category identifier.
> We can not put functions in the target.
That is correct.
> I'd prefer to have mustBePresent attribute in the attribute-designator
> and attribute-selector elements. When it's value is set to 'true' and
> attribute is not found, attribute-designator expression shall evaluate to
> indeterminate.
That may be simple in the condition, but like I said before, this
complicates targeting.
-Polar
> Simon
>
>