OASIS eXtensible Access Control Markup Language (XACML) TC

 View Only

[xacml] [CR] PDP-supported attributes

  • 1.  [xacml] [CR] PDP-supported attributes

    Posted 10-29-2002 17:10
    STATUS: Editorial. Implementation of #149 resolution. TEXT LOCATION: 10.3.5 Attributes, following "...their semantics are not transparent to the PDP implementation." TEXT CHANGE: Append: If a value for one of these attributes is supplied in the original Request, then the PDP MUST use that value. Otherwise, the PDP MUST supply a value. For the date and time attributes, the supplied value MUST have the semantics of "date and time that apply to the Request". For the subject-category attribute, the supplied value is the default value of "urn:oasis:names:tc:xacml:1.0:subject-category:access-subject". TEXT LOCATION: 10.3.5 Attributes, at end of table of attribute identifiers, following ...current-dateTime M. TEXT CHANGE: Append: urn:oasis:names:tc:xacml:1.0:subject:subject-category M TEXT LOCATION: 10.3.6 Identifiers, first paragraph, following "...since the semantics of the attributes are transparent to the PDP." TEXT CHANGE: Delete the following sentence: The attribute "urn:oasis:names:tc:xacml:1.0:subject:subject-category" MUST be supported, since it is implicit with a value of "urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" if no other subject-category attribute value is specified. DISCUSSION: These changes make the resolution to "CR#0149: [Seth Proctor] Environment attributes" specific. Also, the special handling for subject:subject-category are moved from 10.3.6 Identifiers up to 10.3.5 Attributes, since the 10.3.5 is where attributes requiring special PDP handling are described. Anne Anderson and Seth Proctor -- Anne H. Anderson Email: Anne.Anderson@Sun.COM Sun Microsystems Laboratories 1 Network Drive,UBUR02-311 Tel: 781/442-0928 Burlington, MA 01803-0902 USA Fax: 781/442-1692