OASIS eXtensible Access Control Markup Language (XACML) TC


Re: [xacml] change request: xacml context attributes and data types


    Posted 09-27-2002 10:03

    Subject: Re: [xacml] change request: xacml context attributes and data types


    On Fri, 27 Sep 2002, Anne Anderson wrote:
    
    > But, as discussed on yesterday's call, a <Subject> may have more
    > than one subject-id attribute.  For example, one may give the
    > rfc822Name under which the subject authenticated, and another may
    > give the x500Name.
    >
    > The datatype is required to allow the AttributeDesignator to
    > select the instance of the attribute that has the correct
    > datatype for the function in which the designator occurs.
    
    Right, if the dataType attribute exists and you are looking for attributes
    of a particular datatype, which our XACML strong type system will
    infer, you can pick them out of the context by the dataType attribute.
    
    It can be optional; however, as I pointed out in my last email, you have
    to decide what to do with the designator if the AttributeValue isn't a
    valid parseable representation of the data type named in the dataType
    attribute.
    
    Finish Vodka
    
    Cheers,
    -Polar
    
    >
    > Anne
    >
    > On 27 September, Simon Godik writes: [xacml] change request: xacml context attributes and data types
    >  > From: Simon Godik <simon@godik.com>
    >  > To: xacml@lists.oasis-open.org
    >  > Subject: [xacml] change request: xacml context attributes and data types
    >  > Date: Fri, 27 Sep 2002 00:30:29 -0700
    >  >
    >  > Currently <xacml-context:Attribute> element allows DataType attribute.
    >  >
    >  > Rationale for keeping DataType attribute in the <xacml-context:Attribute> element was that
    >  > it can sometimes be helpful, such as specifying subject-id format, like
    >  > subject-id="cn=simon", data-type="x500-name"
    >  >
    >  > But this information is redundant, because subject-id attribute will be passed to the specific
    >  > function that expects arguments of certain type. For example, if subject-id is passed to
    >  > the x500Name-equal function it expects its arguments to be in x500 name format.
    >  >
    >  > So data type does not add value here.
    >  >
    >  > Another problem is that we can not access DataType attribute with AttributeDesignator.
    >  >
    >  > Proposal: remove DataType attribute from the <xacml-context:Attribute>.
    >  >
    >  > Simon
    >  >
    >
    > --
    > Anne H. Anderson             Email: Anne.Anderson@Sun.COM
    > Sun Microsystems Laboratories
    > 1 Network Drive,UBUR02-311     Tel: 781/442-0928
    > Burlington, MA 01803-0902 USA  Fax: 781/442-1692
    >
    >
    >
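The selection problem discussed in this thread, as an added example that is not part of the original messages or of any XACML implementation: a hypothetical `designate` function picks `subject-id` values by declared DataType, falls back to trying the parser when no DataType is present, and shows one possible answer (raise `Indeterminate`, or skip when `strict=False`) for a value that does not parse as its declared type. The datatype labels are the short names used in the thread rather than official XACML URIs, the parsers are simplified, and the sample contexts are constructed.

```python
import re

class Indeterminate(Exception):
    """Raised when a value does not parse as its declared DataType."""

def parse_rfc822(value):
    if not re.fullmatch(r"[^@\s]+@[^@\s]+", value):
        raise ValueError(value)
    local, _, domain = value.rpartition("@")
    return f"{local}@{domain.lower()}"      # domain part is case-insensitive

def parse_x500(value):
    # Simplified: comma-separated key=value RDNs, no escaped commas.
    rdns = []
    for part in value.split(","):
        key, sep, val = part.strip().partition("=")
        if not (sep and key and val):
            raise ValueError(value)
        rdns.append((key.strip().lower(), val.strip()))
    return tuple(rdns)

# Labels as used in the thread, not the official XACML datatype URIs.
PARSERS = {"rfc822Name": parse_rfc822, "x500Name": parse_x500}

def designate(context, attribute_id, data_type, strict=True):
    """Hypothetical designator: parsed values of matching attributes."""
    selected = []
    for attr in context:
        if attr["AttributeId"] != attribute_id:
            continue
        declared = attr.get("DataType")
        if declared not in (None, data_type):
            continue                          # typed, but a different type
        try:
            selected.append(PARSERS[data_type](attr["Value"]))
        except ValueError:
            if declared is None:
                continue                      # untyped: just not this type
            if strict:
                raise Indeterminate(f"{attr['Value']!r} is not a {declared}")
    return selected

# Constructed sample contexts.
TYPED = [
    {"AttributeId": "subject-id", "DataType": "rfc822Name", "Value": "simon@Example.COM"},
    {"AttributeId": "subject-id", "DataType": "x500Name", "Value": "cn=simon"},
]
UNTYPED = [{k: v for k, v in a.items() if k != "DataType"} for a in TYPED]
MISLABELED = TYPED + [
    {"AttributeId": "subject-id", "DataType": "x500Name", "Value": "not a dn"},
]
```
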
    
    

