OASIS eXtensible Access Control Markup Language (XACML) TC

 View Only

[xacml] IsPresent semantics

  • 1.  [xacml] IsPresent semantics

    Posted 10-29-2002 13:29
     MHonArc v2.5.2 -->
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    
    

    xacml message

    [Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


    Subject: [xacml] IsPresent semantics


    
    I'm writing up the semantics for the *IsPresent elements, and I want your
    immediate feed back for this ResourceAttributeIsPresent text, as the other
    elements will just probably be a cut and paste of it with the names
    changed.
    
    Note, that this text should also apply to the *AttributeDesignator
    elements as well, as they are close counterparts.
    
    Q: What about QName equality? See match on DataType.
    
    
    
    5.1.x Element <ResourceAttributeIsPresent>
    
    The <ResourceAttributeIsPresent> element SHALL result in true if the
    named resource attribute can be located from within the <Resource>
    element of the <xacml-context:Request> element. A result of true SHALL
    mean that an <ResourceAttributeDesignator> element for this named
    attribute will return a bag consisting of at least one attribute value.
    The MustBePresent attribute governs whether this element returns false
    or indeterminate in the case of finding no value for the named attribute
    in the request context. In this case, if the MustBePresent attribute is
    set to false, which is its default value, this element SHALL result in
    false. However, for this case, if the MustBePresent attribute is set to
    true, the expression SHALL result in indeterminate. Regardless of the
    MustBePresent attribute, if it cannot be determined whether the
    attribute is present or not present in the request context, or the value
    of the attribute is unavailable, then the expression SHALL result in
    indeterminate.
    
    A resource attribute SHALL be considered present if at least one
    attribute exists within the <Resource> in the <xacml-context:Request>
    element that matches the values of their corresponding AttributeId,
    DataType, and Issuer attributes. The AttributeId attribute MUST match,
    by string equality on the URIs, that of the AttributeId attribute of the
    <xacml-context:Attribute> element. The DataType attribute MUST match, by
    string [Qname?] equality, that of the DataType attribute of the same
    <xacml-context:Attribute> element. If the Issuer attribute of this
    <ResourceAttributeIsPresent> element is supplied, it MUST match, by
    string equality, the Issuer attribute of the same
    <xacml-context:Attribute> element. If the Issuer attribute of this
    <ResourceAttributeIsPresent> element is not supplied, presence SHALL be
    governed by AttributeId and DataType attributes alone, regardless of the
    Issuer attribute of the same <xacml-context:Attribute> element even if
    the Issuer attribute is not supplied in the located
    <xacml-context:Attribute> element.
    
    The <ResourceAttributeIsPresent> MAY be passed to the <Apply> element as
    an argument.
    
        <xs:element name="ResourceAttributeIsPresent"
                    type="xacml:AttributeDesignatorType"/>
    
    The <ResourceAttributeIsPresent> element is of the
    AttributeDesignatorType complex type.
    
    The <ResourceAttributeIsPresent> element has the following attributes:
    
    AttributeId [Required]
    
        This attribute SHALL specify the AttributeId of which to match the
        attribute.
    
    DataType [Required]
    
        This attribute SHALL specify the DataType of which to match the
        attribute.
    
    Issuer [Optional]
    
        This attribute, if supplied, SHALL specify the Issuer of which to
        match the attribute.
    
    MustBePresent [Optional]
    
        This attribute, if set to "false," specifies that this element SHALL
        result in false if no matching attributes can be found. This
        attribute, if set to "true," specifies that this element SHALL
        result in indeterminate if no matching attributes can be found. If
        this attribute is not supplied, its default value SHALL be "false".
    
    
    


    [Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]


    Powered by eList eXpress LLC