MHonArc v2.5.2 -->
xacml message
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [Elist Home]
Subject: Re: [xacml] IsPresent semantics
Comments inline.
On Tue, 29 Oct 2002, Anne Anderson wrote:
> On 29 October, Polar Humenn writes: [xacml] IsPresent semantics
> > The MustBePresent attribute governs whether this element
> > returns false or indeterminate in the case of finding no value
> > for the named attribute in the request context. In this case,
> > if the MustBePresent attribute is set to false, which is its
> > default value, this element SHALL result in false. However,
> > for this case, if the MustBePresent attribute is set to true,
> > the expression SHALL result in indeterminate. Regardless of
> > the MustBePresent attribute, if it cannot be determined
> > whether the attribute is present or not present in the request
> > context, or the value of the attribute is unavailable, then
> > the expression SHALL result in indeterminate.
>
> This is not clear. I suggest:
>
> The MustBePresent attribute governs whether this element
> returns false or indeterminate in the case of finding no value
> for the named attribute in the request context. If the value
> can not be located and the MustBePresent attribute is set to
> false (its default value), then the
> <ResourceAttributeIsPresent> element SHALL result in false. If
> the value can not be located and the MustBePresent attribute is
> set to true, then the element SHALL result in indeterminate.
> Regardless of the MustBePresent attribute, if it cannot be
> determined whether the attribute is present or not present in
> the request context, or if the value of the attribute is
> unavailable due to any error, then the
> <ResourceAttributeIsPresent> element SHALL result in
> indeterminate.
Okay.
> > The DataType attribute MUST match, by
> > string [Qname?] equality, that of the DataType attribute of
>
> I would think it would be "anyURI-equal". We are defining the
> DataType attribute to be of type anyURI.
Is that what we are doing?
We are no longer naming things "xsi:integer"?
> > the same <xacml-context:Attribute> element. If the Issuer
> > attribute of this <ResourceAttributeIsPresent> element is
> > supplied, it MUST match, by string equality, the Issuer
>
> Again, I think it would be "anyURI-equal", since the Issuer
> attribute is of type anyURI.
I suppose so. We have a problem. The Issuer is an "xs:string" in the
context, and "xs:anyURI" in the policy. (I am looking at 16j)
> > attribute of the same <xacml-context:Attribute> element.
>
> > If the Issuer attribute of this <ResourceAttributeIsPresent>
> > element is not supplied, presence SHALL be governed by
> > AttributeId and DataType attributes alone, regardless of the
> > Issuer attribute of the same <xacml-context:Attribute> element
> > even if the Issuer attribute is not supplied in the located
> > <xacml-context:Attribute> element.
>
> Not clear. I suggest.
>
> If the Issuer attribute of this <ResourceAttributeIsPresent>
> element is not supplied, presence SHALL be governed by
> AttributeId and DataType attributes alone, regardless of the
> presence, absence, or actual value of the Issuer attribute of
> the otherwise matching <xacml-context:Attribute> element.
Okay.
> > AttributeId [Required]
> >
> > This attribute SHALL specify the AttributeId of which to match the
> > attribute.
>
> Change "of which to match" to "value with which to match"
Okay.
> >
> > DataType [Required]
> >
> > This attribute SHALL specify the DataType of which to match the
> > attribute.
>
> Change "of which to match" to "value with which to match"
Okay.
> > Issuer [Optional]
> >
> > This attribute, if supplied, SHALL specify the Issuer of which to
> > match the attribute.
> >
>
> Change "of which to match" to "value with which to match"
>
> Otherwise, looks OK to me.
Now the question is. Simon, is that what you want for the semantics of the
MustBePresent attribute?
If it is, then we can place it in the AttributeDesignatorType.
I can reorganize the text for each *IsPresent element for each
corresponding *Designator element.
-Polar
> Anne
> --
> Anne H. Anderson Email: Anne.Anderson@Sun.COM
> Sun Microsystems Laboratories
> 1 Network Drive,UBUR02-311 Tel: 781/442-0928
> Burlington, MA 01803-0902 USA Fax: 781/442-1692
>
>
> ----------------------------------------------------------------
> To subscribe or unsubscribe from this elist use the subscription
> manager: <http://lists.oasis-open.org/ob/adm.pl>
>
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [Elist Home]
Powered by eList eXpress LLC