MHonArc v2.5.0b2 -->
xacml message
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [List Home]
Subject: Need regexp-uri-match function
If we are going to use our existing "regexp-string-match"
function to compare URIs, that means the DataType of the
Attribute whose value is a URI must be "#string".
This means you can't mix constraints that use the existing
"#anyURI-equal" function with constraints that use the
"regexp-string-match" matching on the same "URI" AttributeValue.
I think this means we do away with the "#anyURI" DataType, and
would have to express all URIs as "#string". Otherwise, the
Request may ask for a resource using "#anyURI", while the policy
constrains the resource using "regexp-string-match", or vice
versa.
It also means you can't have two values for the same Attribute,
one that is a URI and the other that is a string, and be able to
distinguish them by DataType.
I think all these are bad.
I suggest we create a new function called
"urn:oasis:names:tc:xacml:2.0:function:regexp-uri-match" that
takes two arguments. The first argument SHALL be DataType
"#string" and SHALL contain a regular expression. The second
argument SHALL be DataType "#anyURI" and SHALL specify a URI
value to be matched.
The implementation of the function can be the same as the
implementation of "regexp-string-match", just that the second
argument value is treated as a string even though its DataType is
"#anyURI".
Anne
--
Anne H. Anderson Email: Anne.Anderson@Sun.COM
Sun Microsystems Laboratories
1 Network Drive,UBUR02-311 Tel: 781/442-0928
Burlington, MA 01803-0902 USA Fax: 781/442-1692
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [List Home]