OASIS eXtensible Access Control Markup Language (XACML) TC

RE: [xacml] is-present-designators (fwd)

  • 1.  RE: [xacml] is-present-designators (fwd)

    Posted 11-05-2002 18:12


    Subject: RE: [xacml] is-present-designators (fwd)


    On Tue, 5 Nov 2002, Daniel Engovatov wrote:
    
    > I agree.  They are not critical and the functionality can be temporarily
    > added as an extension function if some policy really needs it.
    
    Not quite. The only extension function, by using the XACML way of defining
    a new FunctionId, can only do what Simon said, take a bag of elements from
    an *AttributeDesignator, of which they have already been retrieved, and
    then just count the elements in the bag.
    
    However, I would like to make statements like:
    
    If attribute XXX is present and it does NOT match George then Deny.
    
    A simple use of a subject-match, e.g.
    
    (not (subject-match "string-equals" <subj-attr-desg "XXX"> "George"))
    
    doesn't cut it.
    
    I definitely need
    
    (subject-attr-is-present "XXX") and (not (subject-match ....))
    
    To get the right semantic.
    
    -Polar
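
The difference between the two conditions in the message above, as an added example that is not part of the original post: a small Python model in which a designator returns a bag of values and a match is true when any value in the bag equals the literal. The function names, the sample subjects, and the rule that a match over an empty bag is false are assumptions made for the illustration.

```python
# Added illustration. Function names and sample subjects are hypothetical,
# and the match semantics (empty bag => no match) are an assumption.

def subj_attr_desg(subject, attr_id):
    """Return the bag of values for attr_id; an absent attribute gives an empty bag."""
    return list(subject.get(attr_id, []))

def subject_match(subject, attr_id, literal):
    """string-equals match: true if any value in the bag equals the literal."""
    return any(v == literal for v in subj_attr_desg(subject, attr_id))

def subject_attr_is_present(subject, attr_id):
    """Presence test, modeled here as a lookup on the request's subject attributes."""
    return bool(subject.get(attr_id))

def deny_not_match_only(subject):
    """Deny when (not (subject-match "string-equals" XXX "George"))."""
    return "Deny" if not subject_match(subject, "XXX", "George") else "NotApplicable"

def deny_present_and_not_match(subject):
    """Deny when XXX is present and it does not match George."""
    if subject_attr_is_present(subject, "XXX") and not subject_match(subject, "XXX", "George"):
        return "Deny"
    return "NotApplicable"

# Constructed sample subjects: attribute id -> bag of values.
SUBJECTS = {
    "no XXX attribute": {"role": ["clerk"]},
    "XXX = George": {"XXX": ["George"]},
    "XXX = Alice": {"XXX": ["Alice"]},
    "XXX = Alice, George": {"XXX": ["Alice", "George"]},
}

def compare():
    """Map each sample subject to (not-match-only result, present-and-not-match result)."""
    return {name: (deny_not_match_only(s), deny_present_and_not_match(s))
            for name, s in SUBJECTS.items()}

if __name__ == "__main__":
    for name, (a, b) in compare().items():
        print(f"{name:22} not-match-only={a:14} present-and-not-match={b}")
```

Only the subject with no XXX attribute is treated differently by the two conditions: the not-match-only form denies it, while the form with the presence test does not.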