MHonArc v2.5.0b2 -->
xacml message
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [List Home]
Subject: Re: [xacml] Request Context Attribute question
Polar Humenn wrote:
> Q1: How is equality amongst attributes defined? Which components matter?
> attribute-id
> data-type
> issuer
> issue-instant?
> attribute-value
>
> We only have facility to match on attribute-id, data-type, and issuer,
> correct?
That's my understanding. A designator requires a datatype and id, which
must match. You may also supply an issuer, which also must match. The
issue-instant may be useful in a selector, but there's nothing in the
XACML specification that talks about matching using this value. The same
is true for values.
> Q2: Do we have a requirement for multiple EQUAL attributes? (i.e. the same
> attribute-id, data-type, issuer, (issuer-instant?), AND THE SAME
> VALUE?
>
> To phrase it differently, For example, does anybody have a requirement
> to get 3 attributes of the same value?
I don't know that there is a requirement, but it is certainly supported.
You are allowed to have as many attribute values as you like with the
same id and datatype, and there are no rules that these attributes can't
have the same value. I know that doesn't really answer your question,
but I thought I'd at least provide some data :)
FWIW, it seems to me that a requirement here might imply a requirement
for "is present" and/or "is not present."
seth
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [List Home]