MHonArc v2.5.2 -->
xacml message
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [Elist Home]
Subject: Re: [xacml] AA11: Clarify "MatchId" functions
> [function:*-one-and-only]???
> [function:*-is-in]???
These functions are not valid for the MatchId, as it would be type
incorrect.
-Polar
On Mon, 14 Oct 2002, Anne Anderson wrote:
> Text location: Section A.11 Matching elements, p. 89, lines
> 3446-3456.
>
> Text change: Replace follow paragraph:
>
> "The match elements: <SubjectMatch>, <ResourceMatch> and
> <ActionMatch> SHALL use XACML standard functions to perform
> the match evaluation. The function used for determinaing a
> match is named in the MatchId attribute of these elements.
> Each of these elements contains a <AttributeDesignator> or
> <AttributeSelector> element and an explicit attribute value.
> The restriction on the function is that the MatchId attribute
> must name a binary function, such that its result type is
> "xs:boolean". Also, each argument to the named function must
> match the appropriate primitive types for the
> <AttributeDesignator> or <AttributeSelector> element and the
> following explicit attribute value, such that the explicit
> attribute value is placed as the first argument to the
> function, while an element of the bag returned by the
> <AttributeDesignator> or <AttributeSelector> element is placed
> as the second argument to the function."
>
> with the following:
>
> "The match elements: <SubjectMatch>, <ResourceMatch> and
> <ActionMatch> SHALL use functions that match two arguments,
> returning a result type of "xs:boolean", to perform the match
> evaluation.The function used for determinaing a match is named
> in the MatchId attribute of these elements. Each argument to
> the named function must match the appropriate primitive types
> for the <AttributeDesignator> or <AttributeSelector> element
> and the following explicit attribute value, such that the
> explicit attribute value is placed as the first argument to
> the function, while an element of the bag returned by the
> <AttributeDesignator> or <AttributeSelector> element is placed
> as the second argument to the function.
>
> The XACML standard functions that may be used as a MatchId
> attribute value are:
>
> function:*-equal
> function:*-greater-than
> function:*-greater-than-or-equal
> function:*-less-than
> function:*-less-than-or-equal
> function:*-match
> [function:*-one-and-only]???
> [function:*-is-in]???
>
> Rationale: explanation of which functions may be used as MatchId
> functions is not clear. Also, function used need not be a
> "standard" function as long as it returns a boolean and its
> arguments follow the required format.
>
> Anne
> --
> Anne H. Anderson Email: Anne.Anderson@Sun.COM
> Sun Microsystems Laboratories
> 1 Network Drive,UBUR02-311 Tel: 781/442-0928
> Burlington, MA 01803-0902 USA Fax: 781/442-1692
>
>
> ----------------------------------------------------------------
> To subscribe or unsubscribe from this elist use the subscription
> manager: <http://lists.oasis-open.org/ob/adm.pl>
>
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [Elist Home]
Powered by eList eXpress LLC