OASIS eXtensible Access Control Markup Language (XACML) TC

 View Only

[xacml] [Text change] CR#0149: Environment attributes

  • 1.  [xacml] [Text change] CR#0149: Environment attributes

    Posted 11-04-2002 22:26
    This is in response to may action item to reword the SPECIFIC RESOLUTION for this Change Request to fit into Section 7 as a new sub-heading. 1) Add following new Section to 7.9 7.9.1 Environment Attributes The implementation MUST support the environment attributes defined in Section 10.3.5. If a value for one of these attributes is supplied in the original Request, then the PDP SHALL use that value. Otherwise, the PDP SHALL supply a value. For the date and time attributes, the supplied value SHALL have the semantics of "date and time that apply to the Request". 7.9.2 Subject Attributes The implementation MUST support the "urn:oasis:names:tc:xacml:1.0:subject:subject-category" subject attribute defined in Section 10.3.5. For each <Subject> element in the original Request, if a value for this attribute is supplied, then the PDP SHALL use that value. Otherwise, the PDP SHALL supply the default value "urn:oasis:names:tc:xacml:1.0:subject-category:access-subject". If there is more than one subject-category attribute supplied in the original Request for any given <Subject> element, then the original Request is invalid. 2) 10.3.5 Attributes, append following at end of table of attribute identifiers: urn:oasis:names:tc:xacml:1.0:subject:subject-category M 3) 10.3.6 Identifiers, first paragraph, following "...since the semantics of the attributes are transparent to the PDP", delete the following sentence: The attribute "urn:oasis:names:tc:xacml:1.0:subject:subject-category" MUST be supported, since it is implicit with a value of "urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" if no other subject-category attribute value is specified. Anne -- Anne H. Anderson Email: Anne.Anderson@Sun.COM Sun Microsystems Laboratories 1 Network Drive,UBUR02-311 Tel: 781/442-0928 Burlington, MA 01803-0902 USA Fax: 781/442-1692