Change Request: Add an identifier for an Action Attribute that means that the Action to be performed is contained in or implied by the name of the Resource. Rationale: Back when an Action was a URN, we had decided to support a special URN for "implied action". Now that an Action has Attributes, we need to reserve an AttributeId for this "action". It is not sufficient to omit all Attribute elements from the Context Action. In order to match no Action Attributes, a Policy Target would need to accept "AnyAction", which is dangerous. Implied actions occur frequently in J2SE. There is no automated way to separate the "action" from the "resource" in these cases. Current identifier value: [none] Requested identifier value: BASE:implied-action Requested semantics: In some cases, an access request refers to a resource, but not to any separate action. In these cases, the action to be performed is contained in, or is otherwise implied by, the resource information in the access request. In XACML, these cases are handled by using a Request Action having a single Attribute with AttributeId="BASE:implied-action" and no associated AttributeValue. If a Request Action contains an Attribute with AttributeId="BASE:implied-action", this satisfies the Target Actions of any PolicySet, Policy, or Rule with Target Actions of <AnyAction>. It also matches any ActionAttributeDesignator with AttributeId="BASE:implied-action", whether in the Target or in a Condition. Anne Anderson -- Anne H. Anderson Email:
Anne.Anderson@Sun.COM Sun Microsystems Laboratories 1 Network Drive,UBUR02-311 Tel: 781/442-0928 Burlington, MA 01803-0902 USA Fax: 781/442-1692