MHonArc v2.5.2 -->
xacml message
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [Elist Home]
Subject: Re: [xacml] bags and targets. Forwarded message from Seth Proctor.
On Fri, 18 Oct 2002, Anne Anderson wrote:
> On 17 October, Polar Humenn writes: Re: [xacml] bags and targets. Forwarded message from Seth Proctor.
> > This sentence means exactly what it says. If the the selector or
> > designator evalutates to an empty bag, then there is no match, i.e. the
> > match "predicate" is False.
>
> Isn't this in direct contradiction to your proposed text for
> "7.4.2.2 Missing Attributes":
>
> 7.4.2.2 Missing Attributes
>
> The PDP SHALL consider an attribute as missing if it
> evaluates an expression that requires at least one value to
> be present from an attribute designator or selector.
No,
This says if the PDP "evaluates an expression that requires at least one
value to be present"
Such an example would be
<Apply FunctionId="string-one-and-only">
<AttributeDesignator
AttributeId="urn:...:name"
DataType="xs:string"/>
</Apply>
> In this
> case, the expression evaluates to "indeterminate". The PDP
> may carry the missing attribute upward in its indeterminate
> value in accordance with the XACML evaluation strategy of the
> encompassing expressions, rules, policies, and policy
> sets. If the PDP evaluates its policy or policy set to
> Indeterminate with a missing attribute, the PDP MAY list the
> AttributeId and DataType of that attribute in the result as
> described in Section 7.5 "Authorization decision". However,
> the PDP MAY choose not to issue such information due to
> security concerns.
>
> Anne
> --
> Anne H. Anderson Email: Anne.Anderson@Sun.COM
> Sun Microsystems Laboratories
> 1 Network Drive,UBUR02-311 Tel: 781/442-0928
> Burlington, MA 01803-0902 USA Fax: 781/442-1692
>
>
> ----------------------------------------------------------------
> To subscribe or unsubscribe from this elist use the subscription
> manager: <http://lists.oasis-open.org/ob/adm.pl>
>
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [Elist Home]
Powered by eList eXpress LLC