MHonArc v2.5.0b2 -->
xacml message
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [List Home]
Subject: legal values for Strings
In the current example policies, there are several places where we use a
construction like
<AttributeValue DataType="...:string" AttributeId="foo">
<bar>baz</bar>
</AttributeValue>
In other words, we specify a datatype of string and then follow with
complex content. While the specification implies in several places that
this it legal, it never comes out and says so explicitly. This is in
part because we don't define string, but instead we take it from
XMLSchema.
According to XMLSchema, however, string is a simple type, and may not be
used to represent complex content. In other words, string is not
supposed to contain any child elements. If we look at an XACML policy as
a bunch of characters, then we might be meeting this contract. If we
look at an XACML policy as a DOM tree, then we're almost certainly
breaking this contract.
So, a question: is it legal in XACML to use string as the datatype for
what may be interpreted as complex content? I would suggest the answer
is no, unless we want to add explicit text to the XACML specification
explaining why it's ok. Keep in mind that for people using DOM/SAX, the
tree will be interpreted before they see the value, and this can cause
the tags to change their representation (eg, namespacing, macro
replacing, etc).
Any thoughts on this?
seth
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [List Home]