MHonArc v2.5.2 -->
xacml message
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [Elist Home]
Subject: [xacml] Some more matching problems
In writing the stuff for the subjects, I've encountered a problem for the
QualifiedSubjectAttributeDesignator. I think Seth was onto something in
0154 and 0155, but perhaps missed it a bit.
The SubjectAttributeDesignator takes AttributeId, DataType, MustBePresent,
and SubjectCategory. It restricts the lookup of the named subject
attributes to the <Subject> matching the SubjectCategory.
The QualifiedSubjectAttributeDesignator performs no such category
restriction. It just takes AttributeId, DataType, MustBePresent, plus a
bunch of <SubjectMatch>. The <SubjectMatch>s are supposed to be restricted
to one subject.
The only problem is that each SubjectMatch has an
SubjectAttributeDesignator in it, which *ALREADY* restricts the look up
to a particular subject matching the subject category.
So, as a result, a QualifiedSubjectAttributeDesignator must have
SubjectMatches all with the SAME subject category, or it wont retrieve
anything. Also, having one SubjectMatch restricts it already to one
Subject just by virtue of the category, which I think is not the case we
want.
-Polar
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [Elist Home]
Powered by eList eXpress LLC