OASIS eXtensible Access Control Markup Language (XACML) TC

 View Only

Identifier equality proposal

  • 1.  Identifier equality proposal

    Posted 11-21-2011 13:03
    All, There has been a thread on the users list discussing how identifiers are compared in XACML. http://lists.oasis-open.org/archives/xacml-comment/201110/msg00000.html Here is a proposal for how to fix this. We add a new subsection to section 7. In terms of text flow, putting this first would be nicest, but that would renumber every other subsection in section 7, so to avoid the risk of errors from that, I suggest putting this at the end so it gets the number 7.20. The following is the text. --8<-- 7.20 Identifier matching XACML makes use of URIs and strings as identifiers. When such identifiers are compared for equality, the comparison MUST be done so that the identifiers are equal if they have the same length and the characters in the two identifiers are equal codepoint by codepoint. The following is a list of the identifiers which MUST use this definition of equality. The content of the element <XPathVersion>. The XML attribute Value in the element <StatusCode>. The XML attributes Category, AttributeId, DataType and Issuer in the element <MissingAttributeDetail>. The XML attribute Category in the element <Attributes>. The XML attributes AttributeId and Issuer in the element <Attribute>. The XML attribute ObligationId in the element <Obligation>. The XML attribute AdviceId in the element <Advice>. The XML attributes AttributeId and Category in the element <AttributeAssignment>. The XML attribute ObligationId in the element <ObligationExpression>. The XML attribute AdviceId in the element <AdviceExpression>. The XML attributes AttributeId, Category and Issuer in the element <AttributeAssignmentExpression>. The XML attributes PolicySetId and PolicyCombiningAlgId in the element <PolicySet>. The XML attribute ParameterName in the element <CombinerParameter>. The XML attribute RuleIdRef in the element <RuleCombinerParameters>. The XML attribute PolicyIdRef in the element <PolicyCombinerParameters>. The XML attribute PolicySetIdRef in the element <PolicySetCombinerParameters>. The anyURI in the content of the complex type IdReferenceType. The XML attributes PolicyId and RuleCombiningAlgId in the element <Policy>. The XML attribute RuleId in the element <Rule>. The XML attribute MatchId in the element <Match>. The XML attribute VariableId in the element <VariableDefinition>. The XML attribute VariableId in the element <VariableReference>. The XML attributes Category, ContextSelectorId and DataType in the element <AttributeSelector>. The XML attributes Category, AttributeId, DataType and Issuer in the element <AttributeDesignator>. The XML attribute DataType in the element <AttributeValue>. The XML attribute FunctionId in the element <Function>. The XML attribute FunctionId in the element <Apply>. It is RECOMMENDED that extensions to XACML use the same definition of identifier equality for similar identifiers. --8<-- Best regards, Erik