MHonArc v2.5.2 -->
xacml message
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [Elist Home]
Subject: RE: [xacml] is-present-designators (fwd)
On Tue, 5 Nov 2002, Daniel Engovatov wrote:
> I agree. They are not critical and the functionality can be temporarily
> added as an extension function if some policy really needs it.
Not quite. The only extension function, by using the XACML way of defining
a new FunctionId, can only do what Simon said, take a bag of elements from
an *AttributeDesignator, of which they have already been retrieved, and
then just count the elements in the bag.
However, I would like to make statements like:
If attribute XXX is present and it does NOT match George then Deny.
A simple use of a subject-match, e.g.
(not (subject-match "string-equals" <subj-attr-desg "XXX"> "George"))
doesn't cut it.
I definately need
(subject-attr-is-present "XXX") and (not (subject-match ....)))
To get the right semantic.
-Polar
>