OASIS eXtensible Access Control Markup Language (XACML) TC

 View Only

RE: [xacml] xpath-expression datatype

  • 1.  RE: [xacml] xpath-expression datatype

    Posted 08-27-2004 16:24
     MHonArc v2.5.0b2 -->
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    

    xacml message

    [Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]


    Subject: RE: [xacml] xpath-expression datatype


    On Fri, 27 Aug 2004, Anne Anderson wrote:
    
    > existing functions.  Yet I think "string to be interpreted as an
    > XPath expression" does not give implementers or policy writers
    > sufficient type checking capability.  I can also see extension
    > functions defined that would use an "xpath-expression" datatype,
    > and those would not necessarily be for hierarchical resources.
    >
    > I suggest we extend the definition of the existing XPath-based
    > functions in A.3.14 to accept EITHER "...#string" OR
    > "...:xpath-expression", and indicate that "...#string" is
    > deprecated.  And then leave the definition of the
    > "...:xpath-expression" datatype in the core specification.  This
    > does not break backwards compatibility.
    
    That will break the type system.
    
    > Another option would be to re-define the XPath-based functions in
    > A.3.14 with new identifiers: urn:oasis:names:gc:xacml:2.0:...,
    > and then change the definitions to use "...:xpath-expression".
    > Then 2.0 implementations that are backwards compatible can
    > continue to support the 1.0 versions, but the 2.0 versions can be
    > strongly typed.
    
    That would be the better way.
    
    Still, there seems to be a desire to "build" these expressions on the fly.
    So, you in order to use the string functions to make them, you would need
    a type coercive function that takes a string type to an xpath expression
    type. It's not a do nothing function either.  (This function would have
    the added benefit of throwing an Indeterminate if what you built on the
    fly was an invalid xpath expression).
    
    Cheers,
    -Polar
    
    > Anne
    > --
    > Anne H. Anderson             Email: Anne.Anderson@Sun.COM
    > Sun Microsystems Laboratories
    > 1 Network Drive,UBUR02-311     Tel: 781/442-0928
    > Burlington, MA 01803-0902 USA  Fax: 781/442-1692
    >
    >
    > To unsubscribe from this mailing list (and be removed from the roster of the OASIS TC), go to http://www.oasis-open.org/apps/org/workgroup/xacml/members/leave_workgroup.php.
    >
    


    [Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]